Windows Analysis Report
3.17.7+SetupWIService.exe

Overview

General Information

Sample name: 3.17.7+SetupWIService.exe
Analysis ID: 1386710
MD5: 8224e4849ac357d63c1a1d0e65678064
SHA1: b47847707cfd70f755f7172948b959fbe12d64dc
SHA256: 40b896eb84804b37301266a61bbf511e9d50d345368e53943e6c7057126046ba

Detection

Score: 51
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 35
Range: 0 - 100

Signatures

Modifies the hosts file
Modifies the windows firewall
Sets file extension default program settings to executables
Sigma detected: Rare Remote Thread Creation By Uncommon Source Image
Tries to delay execution (extensive OutputDebugStringW loop)
Uses netsh to modify the Windows network and firewall settings
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Explorer Process Tree Break
Sigma detected: Office Autorun Keys Modification
Sigma detected: Potential Persistence Via Visual Studio Tools for Office
Sigma detected: Remote Thread Creation By Uncommon Source Image
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • 3.17.7+SetupWIService.exe (PID: 7124 cmdline: C:\Users\user\Desktop\3.17.7+SetupWIService.exe MD5: 8224E4849AC357D63C1A1D0E65678064)
    • cmd.exe (PID: 6476 cmdline: cmd /C taskkill /F /IM WIService.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5308 cmdline: taskkill /F /IM WIService.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 6232 cmdline: cmd /C taskkill /F /IM WIui.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 1368 cmdline: taskkill /F /IM WIui.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 280 cmdline: cmd /C taskkill /F /IM wirtpproxy.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 4268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6204 cmdline: taskkill /F /IM wirtpproxy.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 5308 cmdline: cmd /C taskkill /F /IM wiservice-ui.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 1620 cmdline: taskkill /F /IM wiservice-ui.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 772 cmdline: cmd /C taskkill /F /IM vncsrv.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6540 cmdline: taskkill /F /IM vncsrv.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 1188 cmdline: cmd /C taskkill /F /IM WildixOutlookIntegration.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 3484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 1456 cmdline: taskkill /F /IM WildixOutlookIntegration.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 2056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6452 cmdline: cmd /C taskkill /F /IM WildixOutlookSync32.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6500 cmdline: taskkill /F /IM WildixOutlookSync32.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 1368 cmdline: cmd /C taskkill /F /IM WildixOutlookSync64.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 2140 cmdline: taskkill /F /IM WildixOutlookSync64.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • wiservice.exe (PID: 3484 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter MD5: 0BC9CDC14493914B549C5F2FFCAD4DC6)
    • spoolsv.exe (PID: 6452 cmdline: C:\Windows\System32\spoolsv.exe MD5: 0D4B1E3E4488E9BDC035F23E1F4FE22F)
    • RegAsm.exe (PID: 5780 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 4928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 6232 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 6880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 4416 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 4192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 2852 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 6544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 7020 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 7072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 6300 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 4928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 2516 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 3004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 1340 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 1640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 2356 cmdline: cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 6408 cmdline: schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 5428 cmdline: cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • netsh.exe (PID: 3052 cmdline: netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
    • cmd.exe (PID: 1404 cmdline: cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • netsh.exe (PID: 5212 cmdline: netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
    • wiservice.exe (PID: 2492 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex MD5: 0BC9CDC14493914B549C5F2FFCAD4DC6)
    • wiservice.exe (PID: 2996 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc MD5: 0BC9CDC14493914B549C5F2FFCAD4DC6)
    • explorer.exe (PID: 6692 cmdline: C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk MD5: 662F4F92FDE3557E86D110526BB578D5)
    • wiservice.exe (PID: 5948 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --storeMachineId MD5: 0BC9CDC14493914B549C5F2FFCAD4DC6)
    • explorer.exe (PID: 6544 cmdline: C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\wiservice.exe MD5: 662F4F92FDE3557E86D110526BB578D5)
    • cmd.exe (PID: 2852 cmdline: cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 6116 cmdline: schtasks /delete /TN "Wildix\WIService update recovery" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • explorer.exe (PID: 772 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: 662F4F92FDE3557E86D110526BB578D5)
      • wiservice.exe (PID: 3548 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 0BC9CDC14493914B549C5F2FFCAD4DC6)
    • cmd.exe (PID: 3180 cmdline: cmd /C schtasks /delete /TN "Wildix\WIService failed update recovery" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • spoolsv.exe (PID: 4536 cmdline: C:\Windows\System32\spoolsv.exe MD5: 0D4B1E3E4488E9BDC035F23E1F4FE22F)
  • wiservice.exe (PID: 6296 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --update MD5: 0BC9CDC14493914B549C5F2FFCAD4DC6)
  • wiservice.exe (PID: 5436 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc MD5: 0BC9CDC14493914B549C5F2FFCAD4DC6)
    • wiservice.exe (PID: 6308 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog MD5: 0BC9CDC14493914B549C5F2FFCAD4DC6)
    • wiservice.exe (PID: 6356 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher MD5: 0BC9CDC14493914B549C5F2FFCAD4DC6)
  • explorer.exe (PID: 6372 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: 662F4F92FDE3557E86D110526BB578D5)
    • wiservice.exe (PID: 7096 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex MD5: 0BC9CDC14493914B549C5F2FFCAD4DC6)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Threat created Author: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\System32\spoolsv.exe, SourceProcessId: 6452, StartAddress: 215CDF50, TargetImage: C:\Windows\System32\conhost.exe, TargetProcessId: 6452
Source: Registry Key set Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Program Files\Wildix\WIService\WIService.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\3.17.7+SetupWIService.exe, ProcessId: 7124, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WIService
Source: Process started Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems), @gott_cyber: Data: Command: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, CommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 752, ProcessCommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, ProcessId: 6372, ProcessName: explorer.exe
Source: Registry Key set Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: Wildix Outlook Integration, EventID: 13, EventType: SetValue, Image: C:\Program Files\Wildix\WIService\wiservice.exe, ProcessId: 3548, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\WildixOutlookAddin\Description
Source: Registry Key set Author: Bhabesh Raj: Data: Details: Wildix Outlook Integration, EventID: 13, EventType: SetValue, Image: C:\Program Files\Wildix\WIService\wiservice.exe, ProcessId: 3548, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\WildixOutlookAddin\Description
Source: Threat created Author: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\explorer.exe, SourceProcessId: 6544, StartAddress: 213032B0, TargetImage: C:\Windows\System32\conhost.exe, TargetProcessId: 6544
Source: Registry Key set Author: frack113: Data: Details: 3B 00 77 00 69 00 6C 00 64 00 69 00 78 00 69 00 6E 00 74 00 65 00 67 00 72 00 61 00 74 00 69 00 6F 00 6E 00 2E 00 65 00 75 00 3B 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files\Wildix\WIService\wiservice.exe, ProcessId: 2492, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
No Snort rule has matched

Source: wiservice.exe, 00000019.00000000.1720314597.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe EXE: cmd.exe

Compliance

Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe EXE: cmd.exe
Source: 3.17.7+SetupWIService.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\wildix.ico
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\wiservice.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\x-bees.ico
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\imgprint.gpd
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDDTYPE.GDL
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDNAMES.GPD
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHEM.GDL
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHMX.GDL
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.HLP
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtBase0x5dcb.dfu
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtHeadset0x5dcb.dfu
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\resources
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\resources\cdr.db
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Office.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Serilog.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\UC.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\websocket-sharp.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\wildix-oi.ico
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll.manifest
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.vsto
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe.config
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\dotnet-dump.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\UninstallWIService.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\proxyex.lnk
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIService
Source: 3.17.7+SetupWIService.exe Static PE information: certificate valid
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File opened: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: 3.17.7+SetupWIService.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\fax\wfaxport.pdb source: spoolsv.exe, 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wiservice.exe, 00000019.00000002.1791209342.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\asn1\x_info.ccrypto\pem\pem_info.ccrypto\ocsp\ocsp_lib.c0 source: wiservice.exe, 00000019.00000002.1791209342.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\fax\wfaxport.pdbv source: spoolsv.exe, 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: RegAsm.exe, 00000026.00000002.2256331914.0000026D245B2000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\wiservice.pdb: source: wiservice.exe, 00000019.00000002.1791209342.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdbw{ source: RegAsm.exe, 0000002C.00000002.2579637266.000001D5D6B62000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\projects\serilog\src\Serilog\obj\Release\net46\Serilog.pdb source: RegAsm.exe, 00000028.00000002.2363971624.000001EF77EC2000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdb source: RegAsm.exe, 0000002C.00000002.2579637266.000001D5D6B62000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\wiservice.pdb source: wiservice.exe, 00000019.00000002.1791209342.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\projects\serilog-sinks-console\src\Serilog.Sinks.Console\obj\Release\net45\Serilog.Sinks.Console.pdbP source: RegAsm.exe, 0000002A.00000002.2471411143.0000020CC6F42000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256^Y source: RegAsm.exe, 00000026.00000002.2256331914.0000026D245B2000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\projects\serilog-sinks-console\src\Serilog.Sinks.Console\obj\Release\net45\Serilog.Sinks.Console.pdb source: RegAsm.exe, 0000002A.00000002.2471411143.0000020CC6F42000.00000002.00000001.01000000.0000000D.sdmp
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Code function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Code function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Windows\System32\spoolsv.exe Code function: 28_2_00007FFE0BF005D0 FindFirstFileW,FindClose,_invalid_parameter_noinfo_noreturn,28_2_00007FFE0BF005D0
Source: global traffic HTTP traffic detected: GET /integrations/integrations.json HTTP/1.1 Host: files.wildix.com Accept: */*
Source: global traffic HTTP traffic detected: GET /integrations/applications.json HTTP/1.1 Host: files.wildix.com Accept: */*
Source: global traffic HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 534 Content-Type: application/x-www-form-urlencoded
Source: global traffic HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 466 Content-Type: application/x-www-form-urlencoded
Source: global traffic HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 416 Content-Type: application/x-www-form-urlencoded
Source: global traffic HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 384 Content-Type: application/x-www-form-urlencoded
Source: global traffic HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 502 Content-Type: application/x-www-form-urlencoded
Source: global traffic HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 489 Content-Type: application/x-www-form-urlencoded
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown DNS traffic detected: queries for: files.wildix.com
Source: unknown HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 534 Content-Type: application/x-www-form-urlencoded
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Code function: 0_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004056DE

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Program Files\Wildix\WIService\wiservice.exe File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\spoolsv.exe Code function: 28_2_00007FFE0BF4DD20: DeviceIoControl,28_2_00007FFE0BF4DD20
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\system32\wfaxport.dll
Source: C:\Windows\System32\spoolsv.exe File deleted: C:\Windows\System32\spool\drivers\x64\3\Old\1\stddtype.gdl
Source: C:\Windows\System32\spoolsv.exe Code function: String function: 00007FFE0BF279B0 appears 64 times
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: apphelp.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: hid.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: secur32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: version.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: iphlpapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: userenv.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: wininet.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: wtsapi32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: dwmapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: msi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: mswsock.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: uxtheme.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: msimg32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: sspicli.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: windows.storage.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: wldp.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: dbghelp.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: dbgcore.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: propsys.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: ntmarta.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: profapi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: dsrole.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: ualapi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: winnsi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: rasadhlp.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: localspl.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: spoolss.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: printisolationproxy.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: appmon.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: fxsmon.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: tcpmon.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: snmpapi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: wsnmp32.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: usbmon.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: devobj.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: apmon.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: msxml6.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: drvstore.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: userenv.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: win32spl.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: prntvpt.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: version.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: inetpp.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: wfaxport.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: wldp.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: profapi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: cscapi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: netutils.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: ntprint.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: mscms.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: coloradapterclient.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: winsta.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: devrtl.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: spinf.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: netprofm.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: npmproxy.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: printercleanuptask.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: taskschd.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: propsys.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: propsys.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dll
Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dll
Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dll
Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dll
Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dll
Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dll
Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dll
Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dll
Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dll
Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dll
Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dll
Source: C:\Windows\System32\netsh.exeSection loaded: onex.dll
Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dll
Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dll
Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dll
Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dll
Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dll
Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dll
Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dll
Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dll
Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dll
Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dll
Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dll
Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dll
Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dll
Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dll
Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dll
Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dll
Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dll
Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dll
Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dll
Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dll
Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dll
Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dll
Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\netsh.exeSection loaded: slc.dll
Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dll
Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dll
Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dll
Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dll
Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dll
Source: 3.17.7+SetupWIService.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engineClassification label: mal51.adwa.evad.winEXE@117/94@3/4
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeCode function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeCode function: 0_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_0040498A
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeFile created: C:\Program Files\Wildix
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Users\user\AppData\Roaming\Wildix
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2920:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:772:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4268:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4040:120:WilError_03
Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.service
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2104:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4192:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3004:120:WilError_03
Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.dispatcher
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6524:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7072:120:WilError_03
Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.watchdog
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3484:120:WilError_03
Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.updater
Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WIS
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6880:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3236:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6276:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1396:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6452:120:WilError_03
Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.svchost
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2908:120:WilError_03
Source: C:\Program Files\Wildix\WIService\wiservice.exeMutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.proxyex
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:2056:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4928:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1640:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6544:120:WilError_03
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nsn1C75.tmp
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeProcess created: C:\Windows\explorer.exe
Source: unknownProcess created: C:\Windows\explorer.exe
Source: 3.17.7+SetupWIService.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIService.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIui.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wirtpproxy.exe")
Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIService.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wiservice-ui.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vncsrv.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookIntegration.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookSync32.exe")
Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIui.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookSync64.exe")
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: wiservice.exe, 00000019.00000002.1791209342.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: wiservice.exe, 00000019.00000002.1791209342.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeFile read: C:\Users\user\Desktop\3.17.7+SetupWIService.exe
Source: unknownProcess created: C:\Users\user\Desktop\3.17.7+SetupWIService.exe C:\Users\user\Desktop\3.17.7+SetupWIService.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeProcess created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeProcess created: C:\Windows\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe
Source: unknownProcess created: C:\Windows\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: unknown Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --update
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
Source: unknown Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc
Source: C:\Program Files\Wildix\WIService\wiservice.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog
Source: C:\Program Files\Wildix\WIService\wiservice.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk
Source: unknown Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Windows\explorer.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --storeMachineId
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\wiservice.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /delete /TN "Wildix\WIService update recovery" /F
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService failed update recovery" /F
Source: C:\Windows\explorer.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --storeMachineId
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService failed update recovery" /F
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Program Files\Wildix\WIService\wiservice.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog
Source: C:\Program Files\Wildix\WIService\wiservice.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher
Source: C:\Program Files\Wildix\WIService\wiservice.exe Process created: unknown unknown
Source: C:\Windows\explorer.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /delete /TN "Wildix\WIService update recovery" /F
Source: C:\Windows\explorer.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe Process created: unknown unknown
Source: C:\Program Files\Wildix\WIService\wiservice.exe Process created: unknown unknown
Source: C:\Program Files\Wildix\WIService\wiservice.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\Wildix.AddIn
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\wildix.ico
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\wiservice.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\x-bees.ico
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\imgprint.gpd
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDDTYPE.GDL
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDNAMES.GPD
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHEM.GDL
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHMX.GDL
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.HLP
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtBase0x5dcb.dfu
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtHeadset0x5dcb.dfu
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\resources
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\resources\cdr.db
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Office.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Serilog.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\UC.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\websocket-sharp.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\wildix-oi.ico
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll.manifest
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.vsto
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe.config
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\dotnet-dump.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\UninstallWIService.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\proxyex.lnk
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIService
Source: 3.17.7+SetupWIService.exe Static PE information: certificate valid
Source: 3.17.7+SetupWIService.exe Static file information: File size 25493968 > 1048576
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File opened: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: 3.17.7+SetupWIService.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\fax\wfaxport.pdb source: spoolsv.exe, 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wiservice.exe, 00000019.00000002.1791209342.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\asn1\x_info.ccrypto\pem\pem_info.ccrypto\ocsp\ocsp_lib.c0 source: wiservice.exe, 00000019.00000002.1791209342.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\fax\wfaxport.pdbv source: spoolsv.exe, 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: RegAsm.exe, 00000026.00000002.2256331914.0000026D245B2000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\wiservice.pdb: source: wiservice.exe, 00000019.00000002.1791209342.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdbw{ source: RegAsm.exe, 0000002C.00000002.2579637266.000001D5D6B62000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\projects\serilog\src\Serilog\obj\Release\net46\Serilog.pdb source: RegAsm.exe, 00000028.00000002.2363971624.000001EF77EC2000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdb source: RegAsm.exe, 0000002C.00000002.2579637266.000001D5D6B62000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\wiservice.pdb source: wiservice.exe, 00000019.00000002.1791209342.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\projects\serilog-sinks-console\src\Serilog.Sinks.Console\obj\Release\net45\Serilog.Sinks.Console.pdbP source: RegAsm.exe, 0000002A.00000002.2471411143.0000020CC6F42000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256^Y source: RegAsm.exe, 00000026.00000002.2256331914.0000026D245B2000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\projects\serilog-sinks-console\src\Serilog.Sinks.Console\obj\Release\net45\Serilog.Sinks.Console.pdb source: RegAsm.exe, 0000002A.00000002.2471411143.0000020CC6F42000.00000002.00000001.01000000.0000000D.sdmp
Source: Newtonsoft.Json.dll.0.dr Static PE information: 0xDFF1C7F1 [Fri Jan 21 16:48:49 2089 UTC]
Source: wfaxport.dll.0.dr Static PE information: section name: _RDATA
Source: wiservice.exe.0.dr Static PE information: section name: _RDATA
Source: C:\Windows\System32\spoolsv.exe Code function: 28_2_00007FFE0BF31402 push rbp; iretd 28_2_00007FFE0BF31403
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 34_2_00007FFD9BB87C2E pushad ; retf 34_2_00007FFD9BB87C5D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 34_2_00007FFD9BB87C5E push eax; retf 34_2_00007FFD9BB87C6D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 34_2_00007FFD9BB8842E pushad ; ret 34_2_00007FFD9BB8845D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 34_2_00007FFD9BB8845E push eax; ret 34_2_00007FFD9BB8846D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 36_2_00007FFD9BB7785E push eax; iretd 36_2_00007FFD9BB7786D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 36_2_00007FFD9BB7842E pushad ; ret 36_2_00007FFD9BB7845D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 36_2_00007FFD9BB760AA pushad ; ret 36_2_00007FFD9BB760AB
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 36_2_00007FFD9BB7782E pushad ; iretd 36_2_00007FFD9BB7785D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 36_2_00007FFD9BB7845E push eax; ret 36_2_00007FFD9BB7846D
Source: msvcrt.dll.0.dr Static PE information: section name: .text entropy: 6.892055007396566
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\UninstallWIService.exe
Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\System32\spool\drivers\x64\unidrvui.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll
Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\System32\spool\drivers\x64\3\New\unires.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Office.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe
Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\System32\spool\drivers\x64\3\New\unidrv.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\nsExec.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\System32\spool\drivers\x64\unires.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll
Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy)
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\System32\wfaxport.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\dotnet-dump.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\UC.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\wiservice.exe
Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\System32\spool\drivers\x64\3\New\unidrvui.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\System.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\System32\spool\drivers\x64\unidrv.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\websocket-sharp.dllJump to dropped file
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\drivers\x64\3\unidrv.dll (copy)Jump to dropped file
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLLJump to dropped file
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\drivers\x64\3\unidrvui.dll (copy)Jump to dropped file
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dllJump to dropped file
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dllJump to dropped file
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Serilog.dllJump to dropped file
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dllJump to dropped file
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\spool\drivers\x64\unidrvui.dllJump to dropped file
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\System32\spool\drivers\x64\3\New\unires.dllJump to dropped file

Boot Survival

Source: C:\Program Files\Wildix\WIService\wiservice.exe | Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WIService.wildix\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
Source: C:\Program Files\Wildix\WIService\wiservice.exe | Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WIService.xbees\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe | File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService\Uninstall.lnk
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe | Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WIService
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exe | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\schtasks.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files\Wildix\WIService\wiservice.exeSection loaded: OutputDebugStringW count: 203
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 21175B40000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 211776B0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 28C3CD40000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 28C56690000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 2529AAF0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 252B4520000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 26D0A3B0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 26D23EF0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 1EF77CA0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 1EF798A0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 20CC56B0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 20CDF030000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 1D5D52C0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 1D5EEC40000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 19AA8660000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: 19AC1EE0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 30_2_00007FFD9BAF0060 rdtsc 30_2_00007FFD9BAF0060
Source: C:\Program Files\Wildix\WIService\wiservice.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files\Wildix\WIService\wiservice.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files\Wildix\WIService\wiservice.exeDropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\unidrvui.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\UninstallWIService.exe
Source: C:\Windows\System32\spoolsv.exeDropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\3\New\unires.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Office.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe
Source: C:\Windows\System32\spoolsv.exeDropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\3\New\unidrv.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeDropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\unires.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\nsExec.dll
Source: C:\Windows\System32\spoolsv.exeDropped PE file which has not been started: C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy)
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\dotnet-dump.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\UC.dll
Source: C:\Windows\System32\spoolsv.exeDropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\3\New\unidrvui.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\System.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeDropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\unidrv.dll
Source: C:\Windows\System32\spoolsv.exeDropped PE file which has not been started: C:\Windows\system32\spool\drivers\x64\3\unidrv.dll (copy)
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\websocket-sharp.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
Source: C:\Windows\System32\spoolsv.exeDropped PE file which has not been started: C:\Windows\system32\spool\drivers\x64\3\unidrvui.dll (copy)
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\nsDialogs.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\Serilog.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeDropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: C:\Windows\System32\spoolsv.exeAPI coverage: 6.0 %
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe TID: 352Thread sleep time: -31100s >= -30000s
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 2184Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 3156Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5216Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5640Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5928Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 6324Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 6284Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 6632Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5948Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 4048Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 1072Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 6908Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 2792Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 6232Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 6880Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 3940Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5368Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 7104Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 4820Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 6296Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 4428Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeCode function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeCode function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Windows\System32\spoolsv.exeCode function: 28_2_00007FFE0BF005D0 FindFirstFileW,FindClose,_invalid_parameter_noinfo_noreturn,28_2_00007FFE0BF005D0
Source: wiservice.exe, 0000003A.00000002.2727393250.000001A0CA12D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll+$
Source: wiservice.exe, 0000003D.00000002.3511617406.0000028A2FF2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll,
Source: spoolsv.exe, 0000001A.00000002.1765235718.0000000000439000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001C.00000002.3510451547.0000000001033000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000002.2706788174.000001E511858000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2705989574.000001E511854000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003C.00000003.2723030421.000001BEC587B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: wiservice.exe, 00000019.00000003.1785905694.00000288A912E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll[[
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exeAPI call chain: ExitProcess graph end nodegraph_0-3504
Source: C:\Program Files\Wildix\WIService\wiservice.exeProcess information queried: ProcessInformation
Source: C:\Windows\System32\spoolsv.exeCode function: 28_2_00007FFE0BF6F214 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,28_2_00007FFE0BF6F214
Source: C:\Windows\System32\spoolsv.exeCode function: 28_2_00007FFE0BF5F590 GetProcessHeap,HeapAlloc,std::bad_alloc::bad_alloc,28_2_00007FFE0BF5F590
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\spoolsv.exe Code function: 28_2_00007FFE0BF501B8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,28_2_00007FFE0BF501B8
Source: C:\Windows\System32\spoolsv.exe Code function: 28_2_00007FFE0BF6F214 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,28_2_00007FFE0BF6F214
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files\Wildix\WIService\wiservice.exe File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService failed update recovery" /F
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /delete /TN "Wildix\WIService update recovery" /F
Source: C:\Windows\System32\cmd.exe Process created: unknown unknown
Source: wiservice.exe, 00000019.00000002.1791209342.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: {}error sending OK messagewrite timeoutnew {}x{} {}bpp framebufferdeleting old {}x{} {}bpp framebufferread error while receiving security typeclient gone while receiving security typecouldn't send ERROR messagecouldn't send auth result: %scouldn't send raw datacouldn't send rect headerInvalid Security Typeinvalid security type {}couldn't send message headersending {} rectsrects data size mismatch ({})couldn't send encoded datacouldn't send update message rect headercouldn't send update message headerclient gone while sending update message headerregister RFB message: code:{}couldn't initialize extensionVNC main thread started SERVER: {:#08x}vncregister RFB pseudo encoding: code:{:#x} name:{}PseudoEncoding 0x%Xregister RFB encoding: code:{:#x} name:{}Encoding 0x%Xcouldn't receive client protocol versionclient gone while receiving protocol versioncouldn't send protocol versionserver extension returned FALSE on connectRFB version mismatch: server %d.%d, client %d.%dmajor RFB version mismatchclient RFB version: {}.{}invalid RFB clientcouldn't send auth typeclient gone while sending auth typeusing auth type {}minor RFB version mismatchclient gone while sending server init messageframebuffer size: {}x{}couldn't receive client init messageclient gone while initializingcouldn't receive client messageclient gone while receiving messagecouldn't create output threadcouldn't send server init messageclient gone while receiving FixColorMapEntries messagerequested {}bpp pixel formatcouldn't receive SetPixelFormat messageclient gone while receiving SetPixelFormat messagecouldn't receive SetEncodings messageclient gone while receiving SetEncodings 
messagefix_color_map_entries is not supportedcouldn't FixColorMapEntries messageenabling immediate_update extension for client {}enabling desktop_resize extension for client {}couldn't recieve encoding typeclient gone while receiving encoding typeextension failed to process pseudo encoding {}recv pseudo encoding: {}extension failed to process encoding {}recv encoding: {}client gone while receiving KeyEvent messagecouldn't receive FrameBufferUpdateRequest messageclient gone while receiving FramebufferUpdateRequest messageunknown encoding type: {:#x}recv key_event: keysym:{:#x} {}unpresspresscouldn't receive KeyEvent messagecouldn't receive CutText messageclient gone while receiving CutText messagecouldn't receive PointerEvent messageclient gone while receiving PointerEvent messageclient gone while receiving SetScaleFactor messagerecv clipboard: {}couldn't receive clipboard textclient gone while receiving clipboard textcouldn't join output threadunknown client message {}extension failed to process message {}couldn't receive SetScaleFactor messageout vncVNC main thread EXIT SERVER: {:#08x}failed to deinit extensionserver extension returned FALSE on disconnectsend framebuffer_update: x:{} y:{} w:{} h:{}send desktop_resize: {}x{}couldn't send extension dataclient gone while sending extension dataperforming full framebuffer r
Source: wiservice.exe, 00000019.00000002.1791209342.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: streamerC:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\integrations\screen-sharing\Streamer.cppcouldn't create streamer iteration threadstreamer's pending connection couldn't complete in {}mswaiting for all connections to resolvecouldn't join streamer iteration threadjoin streamer iteration threadwildix auth marker '{}' sentXWD_REFM_OKWD_REFM_01connecting to {}:{}seqid {:#x} does not match last sent PING request ({:#x})invalid wildix auth replywildix auth reply '{}' received%dserver connectedauth failedcouldn't create socketE_SCREEN_SHARINGdisplaysconfiginvalid peer '{}'R_SCREEN_SHARINGSHUTDOWNdisconnectedcouldn't reconnectsetting 'control' parameter to '{}'setting 'display' parameter to '{}'put message on hold because user does not allow remote controlponginvalid msgdatacouldn't parse message JSONlaunching system process toolsetting 'app' parameter to '{}'setparameterspinginvalid commandseqidprocess pending parameters change requestunrecognized command '{}'showprocesstoolgetconfigdesktop recording is restrictedfirst lock took {}mslast iteration took {}ms{}:{}recreating desktop objectdesktop resize took {}mssecond lock took {}msdesktop update took {}msdesktop target check took {}mssize: {}x{}, desktop size: {}x{}sleep took {}msthird lock took {}msframebuffer update took {}msconnection goneconnectedserver screenupdate took {} msclosing server due to screen resizeexit loopreconnecting due to error, {} attempts left{}ms without PONG replies from clientWIService.DesktopNotifyC:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\integrations\screen-sharing\utils\win\WinDesktopConfiguration.cppStarting 
desktop notifications loopProgmanFinishing desktop notifications loopDesktop configuration changedCouldn't create desktop notification window. CreateWindowExW() failed with error {}Generic PnP MonitorRefreshing desktop configurationRefreshing window configurationButtonNo HMONITOR found for supplied device index {}h$m
Source: C:\Windows\System32\spoolsv.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,28_2_00007FFE0BF8FD08
Source: C:\Windows\System32\spoolsv.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,28_2_00007FFE0BF8FB24
Source: C:\Windows\System32\spoolsv.exe Code function: GetLocaleInfoW,28_2_00007FFE0BF83BD4
Source: C:\Windows\System32\spoolsv.exe Code function: EnumSystemLocalesW,28_2_00007FFE0BF8F61C
Source: C:\Windows\System32\spoolsv.exe Code function: EnumSystemLocalesW,28_2_00007FFE0BF83694
Source: C:\Windows\System32\spoolsv.exe Code function: EnumSystemLocalesW,28_2_00007FFE0BF8F6EC
Source: C:\Windows\System32\spoolsv.exe Code function: GetLocaleInfoEx,28_2_00007FFE0BF4A80C
Source: C:\Windows\System32\spoolsv.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,28_2_00007FFE0BF8F2C0
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\15.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\office\15.0.0.0__71e9bce111e9429c\OFFICE.DLL VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Program Files\Wildix\WIService\Office.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\office\15.0.0.0__71e9bce111e9429c\OFFICE.DLL VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Program Files\Wildix\WIService\Serilog.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Program Files\Wildix\WIService\Serilog.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe VolumeInformation
Source: C:\Windows\System32\netsh.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Program Files\Wildix VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
Source: C:\Windows\System32\spoolsv.exe | Code function: 28_2_00007FFE0BF50CF8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,28_2_00007FFE0BF50CF8
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe | Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Program Files\Wildix\WIService\wiservice.exe | File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\3.17.7+SetupWIService.exe | Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 File and Directory Permissions Modification | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 211 Disable or Modify Tools | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Clipboard Data | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 Windows Service | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 27 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Scheduled Task/Job | 1 Windows Service | 3 Obfuscated Files or Information | NTDS | 41 Security Software Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | 11 Registry Run Keys / Startup Folder | 12 Process Injection | 1 Software Packing | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 1 Scheduled Task/Job | 1 Timestomp | Cached Domain Credentials | 131 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 11 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Search Order Hijacking | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 File Deletion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 123 Masquerading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 131 Virtualization/Sandbox Evasion | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
| Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 1 Access Token Manipulation | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking |
| Determine Physical Locations | Virtual Private Server | Compromise Hardware Supply Chain | Unix Shell | Systemd Timers | Systemd Timers | 12 Process Injection | GUI Input Capture | Permission Groups Discovery | Replication Through Removable Media | Email Collection | Proxy | Exfiltration over USB | Network Denial of Service |

[Behavior graph (image not reproduced): ID 1386710, Sample: 3.17.7+SetupWIService.exe, Start date: 05/02/2024, Architecture: WINDOWS, Score: 51]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 3.17.7+SetupWIService.exe | 0% | ReversingLabs | | |
| 3.17.7+SetupWIService.exe | 0% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\Office.dll | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\Office.dll | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\Serilog.dll | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\Serilog.dll | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\UC.dll | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\UC.dll | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\UninstallWIService.exe | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\UninstallWIService.exe | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe | 3% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe | 1% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\dotnet-dump.exe | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\dotnet-dump.exe | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL | 0% | Virustotal | | Browse |
| C:\Program Files\Wildix\WIService\fax\UNIRES.DLL | 0% | ReversingLabs | | |
| C:\Program Files\Wildix\WIService\fax\UNIRES.DLL | 0% | Virustotal | | Browse |

No Antivirus matches
No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | 0% | URL Reputation | safe | |
| http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | 0% | URL Reputation | safe | |
| http://ocsp.sectigo.com0 | 0% | URL Reputation | safe | |
| http://ocsp.sectigo.com0 | 0% | URL Reputation | safe | |
| http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | 0% | URL Reputation | safe | |
| http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# | 0% | URL Reputation | safe | |
| https://sectigo.com/CPS0 | 0% | URL Reputation | safe | |
| https://sectigo.com/CPS0 | 0% | URL Reputation | safe | |
| http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# | 0% | URL Reputation | safe | |
| http://james.newtonking.com/projects/json | 0% | URL Reputation | safe | |
| http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe | |
| http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y | 0% | URL Reputation | safe | |
| http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe | |
| https://www.wildix.comhttps://wildix.atlassian.net/wiki/x/HgfOAQURL | 0% | Avira URL Cloud | safe | |
| https://curl.se/docs/hsts.html | 0% | Avira URL Cloud | safe | |
| https://curl.se/docs/http-cookies.html | 0% | Avira URL Cloud | safe | |
| http://pbx.wildix.comDisplayIcon | 0% | Avira URL Cloud | safe | |
| http://ocsp.sectigo.com09 | 0% | Avira URL Cloud | safe | |
| http://www.gimp.orgg | 0% | Avira URL Cloud | safe | |
| https://curl.se/docs/http-cookies.html | 0% | Virustotal | | Browse |
| https://curl.se/docs/alt-svc.html | 0% | Avira URL Cloud | safe | |
| https://curl.se/docs/hsts.html | 0% | Virustotal | | Browse |
| http://jimmac.musichall.cz | 0% | Avira URL Cloud | safe | |
| https://curl.se/docs/alt-svc.html | 0% | Virustotal | | Browse |
| http://jimmac.musichall.cz | 0% | Virustotal | | Browse |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| files.wildix.com | 54.230.31.9 | true | false | | high |
| feedback.wildix.com | 52.29.89.211 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://files.wildix.com/integrations/applications.json | false | | high |
| https://files.wildix.com/integrations/integrations.json | false | | high |
| https://feedback.wildix.com/api/v1/Analytics/wiservice | false | | high |

Name | Source | Malicious | Antivirus Detection | Reputation
                                      high
                                      https://files.wildix.com/integrations/x-beesNativeApp.jsonIwiservice.exe, 0000003A.00000002.2727393250.000001A0CA193000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        https://files.wildix.com/integrations/win/wiservice/SetupWIService.exewiservice.exe, 0000003A.00000002.2727393250.000001A0CA193000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003A.00000003.2710874036.000001A0CA1C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                          high
                                          https://github.com/serilog/serilog/pull/819.RegAsm.exe, 00000028.00000002.2363971624.000001EF77EC2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                            high
                                            http://pbx.wildix.comDisplayIcon3.17.7+SetupWIService.exe, 00000000.00000003.2841203484.000000000074D000.00000004.00000020.00020000.00000000.sdmp, 3.17.7+SetupWIService.exe, 00000000.00000002.2842121913.0000000000750000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://backtrace.wildix.com/api/v1/IntegrationService/Trace/wiservice.exe, 00000019.00000002.1791209342.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000019.00000002.1786562264.00000288A90E6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2727393250.000001A0CA12D000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2706653298.000001E511817000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2725024405.000001BEC584F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3511617406.0000028A2FF08000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#wiservice.exe, 0000003F.00000003.3137883605.0000020B893C1000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.3332256424.0000020B893B8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.3138591424.0000020B893C4000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.3341250028.0000020B893D8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.2934172748.0000020B893B2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.2934691905.0000020B893C1000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.3138464926.0000020B893C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://files.wildix.com/integrations/integrations.jsonhttps://backtrace.wildix.com/api/v1/Integratiwiservice.exe, 00000019.00000002.1791209342.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmpfalse
                                                high
                                                https://sectigo.com/CPS03.17.7+SetupWIService.exe, 00000000.00000002.2841510961.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000019.00000003.1785002851.00000288A918D000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.3137883605.0000020B893C1000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.3332256424.0000020B893B8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.3138591424.0000020B893C4000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.3341250028.0000020B893D8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.2934172748.0000020B893B2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.2934691905.0000020B893C1000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.3138464926.0000020B893C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                unknown
                                                https://curl.se/docs/http-cookies.htmlwiservice.exe, 00000019.00000000.1720314597.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000019.00000002.1791209342.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000000.2702433584.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2702620640.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2711957293.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000000.2716473184.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmpfalse
                                                • 0%, Virustotal, Browse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://ocsp.sectigo.com09wiservice.exe, 0000003F.00000003.3137883605.0000020B893C1000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.3332256424.0000020B893B8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.3138591424.0000020B893C4000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.3341250028.0000020B893D8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.2934172748.0000020B893B2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.2934691905.0000020B893C1000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.3138464926.0000020B893C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://www.gimp.orggwiservice.exe, 00000019.00000000.1720314597.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000019.00000002.1791209342.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000000.2702433584.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2702620640.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2711957293.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000000.2716473184.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#3.17.7+SetupWIService.exe, 00000000.00000002.2841510961.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000019.00000003.1785002851.00000288A918D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                unknown
                                                https://files.wildix.com/integrations/integrations.json&wiservice.exe, 00000019.00000002.1786562264.00000288A90E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  http://nsis.sf.net/NSIS_ErrorError3.17.7+SetupWIService.exe, 00000000.00000000.1643040832.000000000040A000.00000008.00000001.01000000.00000003.sdmp, 3.17.7+SetupWIService.exe, 00000000.00000002.2841510961.000000000040A000.00000004.00000001.01000000.00000003.sdmpfalse
                                                    high
                                                    https://curl.se/docs/alt-svc.htmlwiservice.exe, 00000019.00000000.1720314597.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000019.00000002.1791209342.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000000.2702433584.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2702620640.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2711957293.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000000.2716473184.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmpfalse
                                                    • 0%, Virustotal, Browse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://feedback.wildix.com/api/v1/Feedback/WiserviceerQwiservice.exe, 0000003B.00000002.2706653298.000001E511817000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      http://james.newtonking.com/projects/jsonRegAsm.exe, 00000026.00000002.2256331914.0000026D245B2000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://chrome.google.com/webstore/detail/wildix-collaboration/lobgohpoobpijgfegnlhdnppegdbomknwiservice.exe, 0000003A.00000003.2710718475.000001A0CA1C8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003A.00000003.2710754739.000001A0CA1E9000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003A.00000003.2710676571.000001A0CA1E8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003A.00000002.2727393250.000001A0CA193000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003A.00000003.2710874036.000001A0CA1C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        https://feedback.wildix.com/api/v1/Analytics/wiserviceevent=unknownEventevent=data&wiservice.exe, 00000019.00000002.1791209342.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmpfalse
                                                          high
                                                          https://feedback.wildix.com/api/v1/Feedback/Wiservicerxe#wiservice.exe, 0000003D.00000002.3511617406.0000028A2FF08000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            https://files.wildix.com/integrations/x-beesNativeApp.jsonwiservice.exe, 0000003A.00000002.2727393250.000001A0CA12D000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003A.00000002.2727030899.0000001C57CF8000.00000004.00000010.00020000.00000000.sdmpfalse
                                                              high
                                                              http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t3.17.7+SetupWIService.exe, 00000000.00000002.2841510961.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000019.00000003.1785002851.00000288A918D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://files.wildix.com/integrations/x-beesNativeApp.jsonosewiservice.exe, 0000003A.00000002.2727393250.000001A0CA193000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y3.17.7+SetupWIService.exe, 00000000.00000002.2841510961.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000019.00000003.1785002851.00000288A918D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://files.wildix.com/integrations/win/tapi/WildixTAPI.exewiservice.exe, 0000003A.00000003.2710718475.000001A0CA1C8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003A.00000002.2727393250.000001A0CA193000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003A.00000003.2710874036.000001A0CA1C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#3.17.7+SetupWIService.exe, 00000000.00000002.2841510961.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 00000019.00000003.1785002851.00000288A918D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  http://jimmac.musichall.czwiservice.exe, 00000019.00000000.1720314597.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000019.00000002.1791209342.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000000.2702433584.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2702620640.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2711957293.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000000.2716473184.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F0414000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                  • 0%, Virustotal, Browse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://www.newtonsoft.com/jsonschemaRegAsm.exe, 00000026.00000002.2256331914.0000026D245B2000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                                    high
                                                                    https://www.nuget.org/packages/Newtonsoft.Json.BsonRegAsm.exe, 00000026.00000002.2256331914.0000026D245B2000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                                      high
                                                                      https://files.wildix.com/integrations/osx/collaboration/Collaboration.pkgwiservice.exe, 0000003A.00000002.2727393250.000001A0CA193000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003A.00000002.2727393250.000001A0CA1F2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003A.00000003.2716856149.000001A0CA1E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://github.com/opencv/opencv/issues/16739cv::MatOp_AddEx::assignwiservice.exe, 00000019.00000002.1791209342.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                          high
                                                                          https://feedback.wildix.com/api/v1/Feedback/Wiserviceemailothersizestypemessagecontextfeedback.zipPrwiservice.exe, 00000019.00000002.1791209342.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2731833194.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2707938695.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.2728401845.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003D.00000002.3515591460.00007FF7F056D000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                            high
                                                                            • No. of IPs < 25%
                                                                            • 25% < No. of IPs < 50%
                                                                            • 50% < No. of IPs < 75%
                                                                            • 75% < No. of IPs
IP            Domain               Country        ASN    ASN Name     Malicious
54.230.31.9   files.wildix.com     United States  16509  AMAZON-02US  false
52.29.89.211  feedback.wildix.com  United States  16509  AMAZON-02US  false
54.230.31.73  unknown              United States  16509  AMAZON-02US  false
                                                                            IP
                                                                            127.0.0.1
Joe Sandbox version: 39.0.0 Ruby
Analysis ID: 1386710
Start date and time: 2024-02-05 11:59:40 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 54s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 77
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 3.17.7+SetupWIService.exe
Detection: MAL
Classification: mal51.adwa.evad.winEXE@117/94@3/4
                                                                            EGA Information:
                                                                            • Successful, ratio: 20%
                                                                            HCA Information:
                                                                            • Successful, ratio: 96%
                                                                            • Number of executed functions: 169
                                                                            • Number of non-executed functions: 165
                                                                            Cookbook Comments:
                                                                            • Found application associated with file extension: .exe
                                                                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                            • Excluded domains from analysis (whitelisted): ecs.office.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, crl.comodoca.com, ctldl.windowsupdate.com, crt.sectigo.com, officeclient.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                                            • Execution Graph export aborted for target RegAsm.exe, PID 1340 because it is empty
                                                                            • Execution Graph export aborted for target RegAsm.exe, PID 2516 because it is empty
                                                                            • Execution Graph export aborted for target RegAsm.exe, PID 2852 because it is empty
                                                                            • Execution Graph export aborted for target RegAsm.exe, PID 4416 because it is empty
                                                                            • Execution Graph export aborted for target RegAsm.exe, PID 5780 because it is empty
                                                                            • Execution Graph export aborted for target RegAsm.exe, PID 6232 because it is empty
                                                                            • Execution Graph export aborted for target RegAsm.exe, PID 6300 because it is empty
                                                                            • Execution Graph export aborted for target RegAsm.exe, PID 7020 because it is empty
                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
Time      Type             Description
11:02:14  Task Scheduler   Run new task: WIService update checker path: C:\Program Files\Wildix\WIService\wiservice.exe s>--update
11:02:15  Autostart        Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run WIService C:\Program Files\Wildix\WIService\WIService.exe
12:01:19  API Interceptor  188x Sleep call for process: 3.17.7+SetupWIService.exe modified
                                                                            No context
Match                Associated Sample Name / URL  Detection  Threat Name  Context
feedback.wildix.com  SetupWIService.exe            malicious  Unknown      3.64.145.227
feedback.wildix.com  SetupWIService.exe            malicious  Unknown      3.64.145.227
feedback.wildix.com  SetupWIService.exe            malicious  GuLoader     54.93.167.246
feedback.wildix.com  SetupWIService.exe            malicious  GuLoader     54.93.167.246
feedback.wildix.com  SetupWIService.exe            malicious  GuLoader     35.157.107.60
feedback.wildix.com  SetupWIService.exe            malicious  Unknown      35.157.107.60
files.wildix.com     SetupWIService.exe            malicious  GuLoader     52.213.62.3
files.wildix.com     SetupWIService.exe            malicious  GuLoader     52.213.62.3
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AMAZON-02US | Tk3pGuyMg5.exe | malicious | FormBook | 3.64.163.50
AMAZON-02US | P9NB4NSVEz.exe | malicious | FormBook | 18.143.129.199
AMAZON-02US | 19jhH76Whk.exe | malicious | FormBook | 3.64.163.50
AMAZON-02US | qZUuzwZZUh.elf | malicious | Gafgyt, Mirai | 34.249.145.219
AMAZON-02US | YPpU3jZY8L.elf | malicious | Gafgyt, Mirai | 34.249.145.219
AMAZON-02US | arm5.elf | malicious | Unknown | 34.249.145.219
AMAZON-02US | https://cdoiq2024.org/ | malicious | Unknown | 54.186.23.98
AMAZON-02US | SecuriteInfo.com.Win32.PWSX-gen.18465.17543.exe | malicious | LummaC, Amadey, PureLog Stealer, RedLine, RisePro Stealer | 34.216.128.175
AMAZON-02US | x86-20240205-0055.elf | malicious | Mirai, Moobot | 54.66.18.32
AMAZON-02US | https://www.smtd.link.maozizhaojuan.com/ | malicious | Unknown | 52.195.61.47
                                                                            No context
                                                                            No context
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):1691440
                                                                            Entropy (8bit):6.376606111466234
                                                                            Encrypted:false
                                                                            SSDEEP:49152:R0H28oc49lxvVtv4nZ70XYvHPhqkWHZC8l/Ia0dpZu4MRN:h9wn10/N
                                                                            MD5:EB29B84CBA6BC27279B2E45966FC98D3
                                                                            SHA1:E9468202FC92DD6117DB262C45049111340C54D0
                                                                            SHA-256:E0A70A5CB498EF97859B341741108F8F6FC05342F25C578CFF91337BE9ADEF09
                                                                            SHA-512:BD87108B209DF46B3261FEBAEBACDBFB25D558B39BAB416FBFE146D13D4482ABDEE3283245284D65452DFA76928B3A055A5A0718B1BF0B51C2B28D6464D1D8AA
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):985392
                                                                            Entropy (8bit):5.550497915726739
                                                                            Encrypted:false
                                                                            SSDEEP:24576:9mPj0ZKH4lODcxSgo5Gn8WuMRIn+N3gN+zs5KPIVmkXiGzcJy3gt2LER6GvK9Hwx:9mb0ZKH4lODcxSgo5Gn8WuMRIn+N3gNo
                                                                            MD5:9F87E3AC1245E48C842E8CEC0B65298C
                                                                            SHA1:CB4FD3A06A674407444C5AAE9B3E4FE733127680
                                                                            SHA-256:B24295C66A5BE144840EDDB013BB80D7B03B5AC441DC7A4F3754C91503D5F315
                                                                            SHA-512:DF65802EF7F8299B47476451979E3EAA08AC728FF490FD471880EA4AC16B2DD0FCD067A4BB14BDB7D495B0D80AA2F0801322B4A4BE1ED79701E4788415CB7EEC
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):37168
                                                                            Entropy (8bit):6.3929976822261585
                                                                            Encrypted:false
                                                                            SSDEEP:384:6Ww7k8otmBsHC+w4TEn4jo+qMzEeBoOR/VEPY+GQ4A4agQS6Lc7DQWgyxmYi/Tj9:vwJTwYB4E5n/xe5arRkTS8PTEFiR
                                                                            MD5:19B3196A079068747DEAEC9DA92A98D2
                                                                            SHA1:ADBF03062DC4196028A5860C209080BBC62BE9B1
                                                                            SHA-256:0778D3FF09E653B39BA283E304D1466361FA2CD9E9D8479A6A6615169F3D53AF
                                                                            SHA-512:29509E16FFD6A68C2FA4225A46438A2B3745CBA08E3885856DF9E398CF93DEEE1F4A31BE8118E91B7FE4808C98726392884451973EEB84AD2055592C278E5461
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):53552
                                                                            Entropy (8bit):6.185657310827765
                                                                            Encrypted:false
                                                                            SSDEEP:768:j7vV5z3+6KTqUPtLnPDiQ0fWST41mocNAwkEGjhl2BOBaBnD/4xFsOukTfEFiR:vVs6c3dukTfei
                                                                            MD5:3CA7C47FC8C7B4A286888ABDEF5D6E77
                                                                            SHA1:01A5AE7EC8A25753DE88610643998BAFB15887AB
                                                                            SHA-256:AB2549C73BE9FA4BDEDF40EF3251E5399E39B1D66469BC2B4B2A1C7075180021
                                                                            SHA-512:398968CD6046CA5242B3DBF322CE4156C41604CB3B67E3BCA253E43E1992A3CEA73094F9A17C1A8F47C0192A02324A96D40A0B0C497EBC6EBB82F9854F460DC3
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):483120
                                                                            Entropy (8bit):5.885149460627859
                                                                            Encrypted:false
                                                                            SSDEEP:12288:Na9ps9y+hl8hyfItfqNWtkT4yzIDUCEheLQta3spminCi5W3EKjWFY4A7+BkvCZ7:Na9ps9y+hl8hyfItfqNWtkT4yzIDUCEb
                                                                            MD5:1A7A05FCC056641C468BEC98A0AC5F2C
                                                                            SHA1:D6004CDE4E6B7B277A0211AB6ABD0E0CD65F429C
                                                                            SHA-256:FC454F9490BA618D9DC00F9E2684D7DD8125F0326674EC557563EC5BF4BFBAE6
                                                                            SHA-512:82523E539474CB88005F9E7311A3C42F0F2984D894126C17C9F5E2CA4784BA51F2E7C1B8433665C5705C863E6F778BFD12A1DAB4D031F4D31AB1B00261E60085
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):702768
                                                                            Entropy (8bit):5.942444295678654
                                                                            Encrypted:false
                                                                            SSDEEP:12288:Cf9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cHx:gXNL2PVh6B+BzjmcR
                                                                            MD5:A4C334EBB1B4AA4C94273A4E88BA19DC
                                                                            SHA1:879F9FA627698F7D58A50422EA6D27D30DD1020A
                                                                            SHA-256:3957B82846E840278BBA479CAD4EEC512DE85B53FC26BFFE7948E961BFBC42B9
                                                                            SHA-512:77BCA7634A40A9DB2F2D54067F5434D75DA06F1052815AA5FD9A91BD0A93DF16B9748B29D8599BD03B7D0E1BEEFD40E333E85BAD7A20FCEE82B28EE74BCED8B2
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):420144
                                                                            Entropy (8bit):5.8563362255098275
                                                                            Encrypted:false
                                                                            SSDEEP:12288:Xo4vyP2a+zKZsxgkE0PTpFh/2f7rvmcyjlSjnq1:Xo4vyP2a+zKZsDr52f7rvq
                                                                            MD5:38380FDAC19E7A3DA9C3E49D753D5CD3
                                                                            SHA1:DD0DA13128A74D46E11A1231D7D3FF18AAFFB31C
                                                                            SHA-256:1C1662C4A5CC3F2539ED1DF558085B1B7076EB2B837E776CBD3DA48F2DC9205E
                                                                            SHA-512:75A33C6C2267CD8EFE7C7B82639FB09F08894E56EB4E97C60201EF9DA34AF23502A4856DAC545FB43BF1EF02E7CD9739A454D29A10757CDD0F4EDFC8B5C2CFAB
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):42800
                                                                            Entropy (8bit):6.289211602123582
                                                                            Encrypted:false
                                                                            SSDEEP:384:7bd/GivDfRbUqX+pMA84UfYN7hzWrJ7HFjA7Avraq9E6ZAlJrKanrLCyaz/JllA5:Px+pe4L10ajxHJl7u4WHjWtkTZEFiR3i
                                                                            MD5:D53BB185CAC1A972FBF0A333C9D52769
                                                                            SHA1:D8F22F23E17981261959FA5AF88E86B2B7A5C8A6
                                                                            SHA-256:9EE6C8CDEF7BE531EEEA202DAC53C237195CA01C57411E83592E3E5666371F78
                                                                            SHA-512:A0D4A2DECD833A42588EA82CABBF1A921672C7B3C9EA11677EF9C579EDA192CD37BD8E7431EEE3DD52E9A2755E499219B04510FC96FFEFD2221B5EF11DD99134
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):17200
                                                                            Entropy (8bit):6.797331844768101
                                                                            Encrypted:false
                                                                            SSDEEP:384:drDJKl99Xk8jr8VGpwKNsP6vTJeGoGCJEF8ZpHXmU:dr20JkTSEFiR2
                                                                            MD5:8AE342200AA4483A757A32B307FCA692
                                                                            SHA1:E5BB2FE1E3B115B265A87EC502B9C98BD07C5DE8
                                                                            SHA-256:FB5DEDF592E130014F80899FBF28B6056F4E3DD6CEAC727A4321A55C6F8CF25F
                                                                            SHA-512:FF9C1DC27A7111FBEEE56A72A90AD661EBADFA74655319468352D83AC6C6748B76158B87DE7AB7B6D098D77BF7E87B0552BD14BFB00C7D353DEF91705C1273A9
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):36656
                                                                            Entropy (8bit):6.396731083751628
                                                                            Encrypted:false
                                                                            SSDEEP:768:k2IVwX/kpnTXMcTWpHdD2JRrcfwcyJkToEFiR:4wXcpnTXMwWmJRXVJkToei
                                                                            MD5:FD05C308A7BC84D07DCAF9FBAEB91C5F
                                                                            SHA1:FBD022AF87A27A60F09E4E36747D241764A2EEA0
                                                                            SHA-256:47117D4DC948B672039D8EB868380E535AA1557DE1694B71C20CBFE0A890BBC8
                                                                            SHA-512:34DC6FD948A061722070145B9D6C98B68906F61AA4727C7A21452ABFB9A1FA0606E9F8BF27BBCDC5B7BD9C790F015CD5F7AA2366F9B5F86F6A917E132902BC03
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):130352
                                                                            Entropy (8bit):6.175130891462866
                                                                            Encrypted:false
                                                                            SSDEEP:3072:+y8BcjSMkNtSR4rkA4Nqnv/BZ8OQNZMpWovq0km:7PSMkNtS6rzH7H+Uk
                                                                            MD5:F37F5EA4F6A6B5829A3C4FB1D43EBE9C
                                                                            SHA1:ECF42BA7A1ACA8F21FD1FE98446100C376D1D12B
                                                                            SHA-256:3C90383F5522C17D12DBD67DE5C802BE9DB884E9DF47A87F882492FF82256EFB
                                                                            SHA-512:821958294EB89F6A29F4A932F1AB8BA58FBFF167CE5CB89738C9C73D1B1CF638513A9B11F670DE390D71828598DBD7792D25D4C36FC80941AF6ED73025AD1129
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):461104
                                                                            Entropy (8bit):5.253092641731761
                                                                            Encrypted:false
                                                                            SSDEEP:6144:ww/0k3XAYWQuyOGiUpXWFgXFQIY0EH7+0BJmmDAvQNRplhxy6woW0nFTF9YvORIw:p8KXAy7qy6EOd3Z
                                                                            MD5:A951D792BDD698DA9AFC0A92096AEBEE
                                                                            SHA1:1F96EB46FBE9CC29C485B5030B7C591DFC1E254A
                                                                            SHA-256:A370F542D0901E090D2F83D659D23024D9BFCF625A58016F21531184CA240E43
                                                                            SHA-512:79DA59AAF623EC1AC7C77976FA2183698081AB7378CBC91C848B08554D26DC0EFC4A3CB8D6288511E35E64B687B6B06FEF9CD01176EC7F5D139A353602154730
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                            Category:dropped
                                                                            Size (bytes):161856
                                                                            Entropy (8bit):7.069763715935603
                                                                            Encrypted:false
                                                                            SSDEEP:3072:9bG7N2kDTHUpoub7G1GFkTvQnKKjRCCDgqqAuKF5s34FETDPJkX:9bE/HUzi1GF9n6fqjup34GPxk
                                                                            MD5:0E970335E58015A700312D98F712F582
                                                                            SHA1:F43DC3D1D05B8B1AD5A1404E0FC55658BF79B791
                                                                            SHA-256:4C0E72B14343F9529C687E9B9A1790F33C64363BE8AAB7BFF0837B452877E46A
                                                                            SHA-512:337C322270EC9A9E4E0836AF10241BA8F3707AE334C8E5FCC063497592A89CAE0BC8B78AE881C5E209FE020AFBD7A41EA41AE3A1FD2F1F3F8C350E63F830FB9C
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):395568
                                                                            Entropy (8bit):5.8986793144988665
                                                                            Encrypted:false
                                                                            SSDEEP:6144:6LrRcd38Q9/cFO0x981KKjQ9w53HW1fnAgCGCbmukQG:6XRYvt0x9PKdU9AYTb
                                                                            MD5:26DF2C74F49E5E93EEBCE3ED985D2A6D
                                                                            SHA1:C1EF4CBEFD33B3EE49DD5C839E1A6436D38F1608
                                                                            SHA-256:605F3B631BC6A3B4726ABCACAA7CF986500C7E22AF418416BB9972F76238E8CF
                                                                            SHA-512:96B4F1C99E023BCC6D3D60DCB13F7559D8D6B4512985260DD22FEADFD799D18424F4E06802972DF29675D10E3843915E83D909CEE604D36B894BC2419DAC20B1
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3755)
                                                                            Category:dropped
                                                                            Size (bytes):19152
                                                                            Entropy (8bit):5.39496659796231
                                                                            Encrypted:false
                                                                            SSDEEP:384:2yw5tUebz1qEr5M5Q92rbYQujYSQxrjfTr+RLX8uy3i/yI72yWU8zSB24pRkJvaZ:tw5tUebz1qEr5M5Q92fYQKYSQxrrWtMe
                                                                            MD5:81D89B9AC7467DF97DEEDFA7200097D5
                                                                            SHA1:AE10CCFAE016441381ACACBF18B2B8277FA080AA
                                                                            SHA-256:8A01A9E36F4E953AFD13E7005F70794BDE0741729C04F92BC04FD883329CEE00
                                                                            SHA-512:BD26CEE358CED3205568F269917DAA848BDFF4ED0C5F5A685B02FBDB7508FD9BC46C84B5396AE7F0158A7B3501ED17A5ED36D96DAB126A1E44329D90B515731F
                                                                            Malicious:false
                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>.<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">. <asmv1:assemblyIdentity name="WildixOutlookAddin.dll" version="1.0.0.0" publicKeyToken="ba03c384a1328835" language="neutral" processorArchitecture="msil" type="win32" />. <description xmlns="urn:schemas-microsoft-com:asm.v1">WildixOutlookAddin</description>. <application />. <entryPoint>. <co.v1:customHostSpecified />. </entryPoint>. <trustInfo>. <security>. <applicationRequestMinimum>. <PermissionSet Unrestricted="true" ID=
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3784)
                                                                            Category:dropped
                                                                            Size (bytes):5585
                                                                            Entropy (8bit):5.808464385916956
                                                                            Encrypted:false
                                                                            SSDEEP:96:0WLwO9Zc9vHTPkf8yF8YmOclZalUErAOxnBF8YxzFodo9bBDA:fff85W62OdEA
                                                                            MD5:A434BA828B9905B6AD4CB91E07A0FBDE
                                                                            SHA1:0649505A7EA065A66BC06413C1065EE281955657
                                                                            SHA-256:20999C65EE654244FB9821CCFBDB830635707EC3435BDFCF610FF19A714F6A7D
                                                                            SHA-512:1313E7892541CC02E5F853183233CD5A218986E086EFC335BC7C67229B21BDACC021E2C769DB28640F8045A2BFC86DC05F7CFBEA0ABA8F6972772B45F510F5F1
                                                                            Malicious:false
                                                                            Preview:.<?xml version="1.0" encoding="utf-8"?>.<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">. <assemblyIdentity name="WildixOutlookAddin.vsto" version="1.0.0.0" publicKeyToken="ba03c384a1328835" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />. <description asmv2:publisher="Amazon.com" asmv2:product="WildixOutlookAddin" xmlns="urn:schemas-microsoft-com:asm.v1" />. <deployment install="false" />. <compatibleFrameworks xmlns="urn:schemas-microsoft-com
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):23344
                                                                            Entropy (8bit):6.58300020701197
                                                                            Encrypted:false
                                                                            SSDEEP:384:Bo1T0x7uyUdRGrrvgMKtFlh8JoBipwKNsP6vTh69GoGCJEF8ZpHNr:BoI7RU7qWtx8U3kTgFEFiR
                                                                            MD5:F9AA1410626E2580A93B8365B51238F0
                                                                            SHA1:57F37D0A70C3C70149E788896A98D7E90A21B16B
                                                                            SHA-256:DDED727A42F0C1046E3695AACBA152DECC7C406BD3F0C7BB2897FB7E2CA37A1A
                                                                            SHA-512:C656EC2BA62A158ED493182D120E3071D67686D60D11298A821953732D43CAEF2D8DC5C26F604D41C7688300FDDE00224D609182222E3588A7EA4803AB0DAC94
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):586544
                                                                            Entropy (8bit):5.060255073540622
                                                                            Encrypted:false
                                                                            SSDEEP:6144:IIjggFdum2P4yaUXShTjSRbu05zpEwTuCKKjQ9w53HW1fV/CDKjQGZ5bHWhUnuk9:AguBQyaUkVd9KdUOKXwAZFb
                                                                            MD5:07731C2DDC01A312195ED1939B7397BC
                                                                            SHA1:66DD29525F7208F315BC8F05196F28F0B6113EE6
                                                                            SHA-256:5344059CEE845437E8CF925472560F5BAFABD5196EA26A5C6ED44275CD538B66
                                                                            SHA-512:F54C6442D9211F4BEE085067F35AF0ED6700E39FDA65BA6EE22A6230BB8BABD634F5EACA509B51AA77D370AEDBB38B3ECBCACCF09E8E59C70215821599E6AFB2
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):146
                                                                            Entropy (8bit):4.983767070197417
                                                                            Encrypted:false
                                                                            SSDEEP:3:vFWWMNHUz/cIMOodBQV7VKXRAmIRMNHjFHr0lUfEyhTRLe86AEDDQIMOov:TMV0kInV7VQ7VJdfEyFRLehAqDQIm
                                                                            MD5:05BD64DBD44CF1C95236670D3842562F
                                                                            SHA1:824B16AD66771809D9BB32001875AA3C372C7C9C
                                                                            SHA-256:40859DA4B6DE7510504DD13877345D92B4DF66EA09C6C4F4E72C7AE3610974AA
                                                                            SHA-512:85FD03363DCDEF8B2A45C74605E0009249ADCA8BEABE06CBB90F6B1B00761C02B6BEB02B8BBD3DDC6965E98CEA820D5023705584D5B7DA5CD2FA3CB9AAF66E9D
                                                                            Malicious:false
                                                                            Preview:<?xml version="1.0"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1"/></startup></configuration>..
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):5335344
                                                                            Entropy (8bit):6.803437222293673
                                                                            Encrypted:false
                                                                            SSDEEP:98304:4tHk7LXVZoW9GG1dK+JuAVb+txTZvtXJYS6KaLXxGah:qk7LXVZj9GMd3uAVbYvx6FzxGah
                                                                            MD5:52DC329DD816737D9A89CB3DD90FC78D
                                                                            SHA1:602A80044312F627576455F9AA392B622655B10A
                                                                            SHA-256:FBB6AEB364AF1D128ED201F19896C5AD56A857B31AE9192F94AEED69AE77A6CF
                                                                            SHA-512:666F23D8C4D81E0726E16B3F11A6124466AA05D6B2C384AF0A51B5FD3595C746BC3EF968733B8FF52DC9BBAE1DCB15E85764E26AC22C29E3719E905BF9FC89DC
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                            • Antivirus: Virustotal, Detection: 1%, Browse
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):6394160
                                                                            Entropy (8bit):6.618627738731029
                                                                            Encrypted:false
                                                                            SSDEEP:98304:oP+gDWhwBnEHQF50sZypH4Ka6epgcg3b4rELUcoj:GzEEEHQJyp7az+cXrEQTj
                                                                            MD5:62EBA27C5974BAD472C3193617B64B63
                                                                            SHA1:C13F6C09FFD921FD24BC1D076B69852B7A028D7D
                                                                            SHA-256:1D74D5776EFFE065C4BDA2F8D0973E9864E56E181A4110D1FDA57B036A05DA92
                                                                            SHA-512:F6DA298284C55B91BB5932872B1C12F0C080DDF645BC86484B3AB1CDF17E46BCA2667B4A468B3EA836A3D1F44156DE6AA5E6932F2C48FBD31FA439181DEF520F
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):3430
                                                                            Entropy (8bit):3.577875788113156
                                                                            Encrypted:false
                                                                            SSDEEP:48:yei1q97/qlLaq4i77cMUF39Qg9c9V9Lvara+iaiusupRCRf9ufAuRa7T5XhPsV8n:t2ll4i77h4iGdiaipV9ll7dhFF6+
                                                                            MD5:9E02EAF2592DE18E8058FD254C89FAD5
                                                                            SHA1:EB5FCE36FC938929D27348CA9B0040CFED0FF8B4
                                                                            SHA-256:870D3C739BEB158446DEEED2B5C92854C2726A92B3294F0C07C52AE65CD51ED1
                                                                            SHA-512:5C82E7D21BA6D828EED7BF9F313C864AB59DE695DF4B62D31DD2CCB838B60E65C7EEAB56606CBBBE8FBB11A4D70ED42D1D10F3EA9834B5203BBD5B6067648226
                                                                            Malicious:true
                                                                             Preview:<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">..  <RegistrationInfo>..    <Date>2020-11-04T11:59:46</Date>..    <Author>Wildix s.r.l.</Author>..    <URI>\Wildix\WIService update checker</URI>..  </RegistrationInfo>..  <Triggers>..    <CalendarTrigger>..      <StartBoundary>2020-11-04T01:00:00</StartBoundary>..      <Enabled>true</Enabled>..      <RandomDelay>PT5H</RandomDelay>..      <ScheduleByDay>..        <DaysInter
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):5319464
                                                                            Entropy (8bit):6.624301318352495
                                                                            Encrypted:false
                                                                            SSDEEP:49152:6DTNbgZbsK5pM9TJFppvgKnkt21tgJEyacq0+W3Ua+zxn1Oq:GJbNFF/gV/17sO
                                                                            MD5:D1B3D035E54F6699088BEF9FDA56F6F3
                                                                            SHA1:1953AB50ACAE512205D23806BDF4047DEB6908EC
                                                                            SHA-256:EE21BDC5D25863A600FA9058D88D43DD93D6F342498D4F2C2EDCB188A3F09824
                                                                            SHA-512:F64AF118AF5DDEE406E897245B62C3188D73929DF61D8F093FD9AAF65849C4EA071D1F04E5107DDF539BF7CDC48AC8112BD28001CA23FCA6B271E75ED21A6C31
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):23812
                                                                            Entropy (8bit):5.102231290969022
                                                                            Encrypted:false
                                                                            SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                            MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                            SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                            SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                            SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                            Malicious:false
                                                                            Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):14362
                                                                            Entropy (8bit):4.18034476253744
                                                                            Encrypted:false
                                                                            SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                            MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                            SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                            SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                            SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                            Malicious:false
                                                                            Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):59116
                                                                            Entropy (8bit):5.051886370413466
                                                                            Encrypted:false
                                                                            SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                            MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                            SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                            SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                            SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                            Malicious:false
                                                                            Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):2278
                                                                            Entropy (8bit):4.581866117244519
                                                                            Encrypted:false
                                                                            SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                            MD5:932F57E78976810729855CD1B5CCD8EF
                                                                            SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                            SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                            SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                            Malicious:false
                                                                            Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):531760
                                                                            Entropy (8bit):6.367827933112642
                                                                            Encrypted:false
                                                                            SSDEEP:12288:4TIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzIGc:4UJ/Cq2IT/PiP4dapV7LDU1
                                                                            MD5:EB32CA60A33C5E42DFE48BDCECAD1693
                                                                            SHA1:F16CD5CD50976CDF0C10BF654D7A36DA6D370BEE
                                                                            SHA-256:5D9A2926D0B540875774C72B9D162F91FC2C32D7294D380093E0AD10DA1161D5
                                                                            SHA-512:52F411D0A70CFEA456944DE57F143040B64C6546254FC697A5A8798998BCA3C95FC8F7995381E5819F5B1725B91F32A2BCA57B1BF2CAF2A5DC351ECD28756428
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:MS Windows 3.1 help, Tue Apr 17 13:11:56 2001, 21225 bytes
                                                                            Category:dropped
                                                                            Size (bytes):21225
                                                                            Entropy (8bit):3.9923245636306675
                                                                            Encrypted:false
                                                                            SSDEEP:192:g8qo9MqLEGX9WkaNWvbAsmrEGckkwy95/HLQdu:g8rMqLwkW8AsqEHkkwy7N
                                                                            MD5:6798F64959C913673BD66CD4E47F4A65
                                                                            SHA1:C50FAA64C8267AC7106401E69DA5C15FC3F2034C
                                                                            SHA-256:0C02B226BE4E7397F8C98799E58B0A512515E462CCDAAC04EDC10E3E1091C011
                                                                            SHA-512:8D208306B6D0F892A2F16F8070A89D8EDB968589896CB70CF46F43BF4BEFB7C4CA6A278C35FE8A2685CC784505EFB77C32B0AABF80D13BCC0D10A39AE8AFB55A
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):919344
                                                                            Entropy (8bit):5.989878340442409
                                                                            Encrypted:false
                                                                            SSDEEP:12288:2H0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+Mk:27Hdv3DyfhP2QgYPwo3Argk
                                                                            MD5:674D8D5F84EEB572A87CC24E9CFCCBD4
                                                                            SHA1:7CF572A409D99FCF622FEFEFC42E873C49EBBD4F
                                                                            SHA-256:E7486E9BB63841908D4DE5379FCB84EA80A1189E69A117B3180D44E05D3C92DF
                                                                            SHA-512:70BB7E1638CEE66E746393A9CD523BF303488DCF1AB16CD4B1B0C3FF5E7D110B245B3D523442EAFE12963793443101ACA2756F8BEDB4F257B314A67913AC4539
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):856368
                                                                            Entropy (8bit):5.595260812664481
                                                                            Encrypted:false
                                                                            SSDEEP:12288:39aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhb:NaBEGbL4Np84TQazCSiRhb
                                                                            MD5:B2C8E16D928A50B3E596CB64E2622EA1
                                                                            SHA1:2B9BC09C48E1BE32317584C7EE163A3D53C9E918
                                                                            SHA-256:9F82022FB2BC128B84FF396911308BEA5E063A78473E282964B08C7CB9D96045
                                                                            SHA-512:D1C9329174DB9F86E37F89E6CA485B0CBF4E75D96D404E6A943F33D58136E2F589CE665056C054E7BC84A8783E00F593C3C49BAD90361C725BE2106B5C91E22A
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):7996
                                                                            Entropy (8bit):5.128824009655858
                                                                            Encrypted:false
                                                                            SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                            MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                            SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                            SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                            SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                            Malicious:false
                                                                            Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):939824
                                                                            Entropy (8bit):6.457805391696408
                                                                            Encrypted:false
                                                                            SSDEEP:12288:spcIN4eGbIp0dMAonEWorRdvfd+Xu6VrZUcu2jRwzjeL7i8XVbsT3zpf3ygLuITC:spv2OrkeL+8U3zpvyOuARdwvL
                                                                            MD5:7C62E287B2BBD9754AD0D9533A965439
                                                                            SHA1:9346098B7355326C60E7328F745511DB2BA68E5E
                                                                            SHA-256:E1160E18CE40E3522B800A477479210D6064364B6E02C37FD199E0DC6C99DDA1
                                                                            SHA-512:2ABF077460B3A311A889F1077FF33591192DC1C7449AD24AD3BCC31954EA7238686F876CBE42CFF638485172E853D06DAA76D602C4456F14C8CC914C86F2E5CE
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):306344
                                                                            Entropy (8bit):6.142942373788136
                                                                            Encrypted:false
                                                                            SSDEEP:6144:RgwRUnZJgqtQ4pVbo2Vpm0Uf0iTVeczqp/jCjxN0AkcdyslVoAiYw0Bbs/:KzZD0X15bqhjCjxN0AkclGAjwUy
                                                                            MD5:343F08B48818446C3BE2A6161FFBC06C
                                                                            SHA1:6B69AF183988738282081BB19E4BCF3E828C8A8C
                                                                            SHA-256:75FB30FCBED18EB2E7E8F29F7D59A7EC690C3F8CEBEBB44504B62695DFF7623E
                                                                            SHA-512:C8D9E31D715B09E942387CE9CF1AC36A81B659D0D96E73C499555C93841277FF2821CF3EDA30941371CAD326D32C74AFE59CC4FF47A26D69D6FB6D82C9166713
                                                                            Malicious:false
                                                                            Preview:CSR-dfu2........signed stack+app ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................2C...........................
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):893688
                                                                            Entropy (8bit):6.413884117721194
                                                                            Encrypted:false
                                                                            SSDEEP:12288:vyUN9kmRr6Ps+2GfGshqM6LcTQZK9GFIiVoazL0g2kGtyDb70xDMTPLBBo80ZiYg:fr1E+JMycTQZYGFZB0QG8P0xDo9BQJg
                                                                            MD5:A0F62DFC2D9B3B9562339F289A421729
                                                                            SHA1:E63E226F5C5C7AF82F2510CF9AD0D8638CBF8E07
                                                                            SHA-256:876803A6C8C1955260EA2AD639F88F7864139CE7D6306FDBF5864B7A7DDFE58D
                                                                            SHA-512:AF197B14EFDCC9E8B5CA4E8DF73590AE3073FC48F529048718D49F754779C2046A04FBF844943346DDA2C1F0F447050B909FA9DEC8C90DA8F8C4B9C199612060
                                                                            Malicious:false
                                                                            Preview:CSR-dfu2.......signed stack+app ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................2G...N.......................
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):71984
                                                                            Entropy (8bit):5.534581235452401
                                                                            Encrypted:false
                                                                            SSDEEP:768:A8rk/UsobMzpgZtkh8jZvCwjSa5BOgUVpj1MwoJkTWUEFiRo:Am17Ztk6tdWavOgwfMwoJkTJei
                                                                            MD5:94C64D83AB178102D89AE5C2F231F79D
                                                                            SHA1:CDDF47020951112B89AA1FC3AE8CDCADA7ACB60E
                                                                            SHA-256:87305A402917995B10DB472D63E6526CE635B08E32635F85D244A351519D9BED
                                                                            SHA-512:2D076C45005CF1F0485BD06946A2E3B0FFE11CA3D7997FD9E9DD51023145D11A67F7EF19D1B791195AA82788051BF306C08B277C4A412BDFEBFDD34F39777F78
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):24368
                                                                            Entropy (8bit):6.900495907336652
                                                                            Encrypted:false
                                                                            SSDEEP:384:b47QrEnds+4wmIm0SRAMTJs65jatpwKNsP6vTHAw2hlGoGCJEF8ZpHVty:bjEds+4wmIm0eAkzkTWfEFiRz
                                                                            MD5:4C23235838C66B86789217ADE6DFCE2D
                                                                            SHA1:DACC5F800475074868EE58EC5E58F02F81B5468A
                                                                            SHA-256:0C4DF868010C764A72C20187395C4D4DA2F7AF4DC762B3D90017DA7E80699CAB
                                                                            SHA-512:536618108D304DA9F0F3CF72DB0329AEADB70A216886437C4FD650AAF694943403B0DFFE11529ADAEDBB8AEEDD3D5CF0E694C5B1BC74FD937F72AB28CBF2F604
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):489776
                                                                            Entropy (8bit):6.0818611109526515
                                                                            Encrypted:false
                                                                            SSDEEP:6144:Q6KTZsHDwx0TCAQpFTfnPyFVrCqq/KrnahQ+Nnq0B/aNOjMQpynTkx:msHDG0TM6sKGhQ2nq0iQPx
                                                                            MD5:03C81CDCDD7B2054FED579242F659878
                                                                            SHA1:D78D095EEF5376E164947576DE514FEF3F30D234
                                                                            SHA-256:DF6134938D8D14D0E4363333CEE2D572F8229E3F2072142D5A11F0D69C4FBF44
                                                                            SHA-512:B811FEFF55FEFA584671F670D2EEAD8BC816E1B8F267424C575A5AB49B4ED5F0BB45182D8F1B9ACA52E8F5D9099F88982C7DF8C92F93DA6AF3BF186045014810
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):559408
                                                                            Entropy (8bit):6.450353666415046
                                                                            Encrypted:false
                                                                            SSDEEP:12288:nZY4lOHMwLwXBt+iaKst/Ua/hUgiW6QR7t5j3Ooc8NHkC2eWM:nZY4lOHMM8wifstjj3Ooc8NHkC2eH
                                                                            MD5:BE1061A80FBF9D1C50AA8AD7FDBA3176
                                                                            SHA1:8F27023AC06A5E6157FBC4A452E40763D7DFEA34
                                                                            SHA-256:08A6007D1025B65596A131FAB229CE0F1EE9D9C50B3608C9B27B77AD5CF1A87D
                                                                            SHA-512:D1C3F59260F047CB711428D56BB848F510FE301D731C721F1A9DC84C5E5D710268734E485B7B710AD4AFED5F5C01807D815B25B27B64EE4CB9315997E884B46F
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):637232
                                                                            Entropy (8bit):6.8670789872645654
                                                                            Encrypted:false
                                                                            SSDEEP:12288:nxzh9hH5RVKTp0G+vphr46CIFt0yZmGyYGoy:nph9hHzVKOpRFHmGyY3y
                                                                            MD5:A0A0CD24332919A4B2E8F218C1AEE8A4
                                                                            SHA1:D0B694BF9D000CCF7B1692AA7DCC49EC31BC4849
                                                                            SHA-256:2BCA0030C0DA5C89D2B58816850F2D5E0E691B9B31080EA614FFEFB4DC5A83D5
                                                                            SHA-512:BC01BEF95EEB60E1AE4C9F00F115341ABCB8A22A76CE61A3296A16BAB706A74367C904CC8A87366E9954130B1D70E62C9A781149F27E9AD7A0B1EA8CE585ECCF
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):701232
                                                                            Entropy (8bit):6.834668259328785
                                                                            Encrypted:false
                                                                            SSDEEP:12288:Zh1wtmDyLuDTFn3nLjTwDFbT82hs8mVY/P3WaNi6nS4zAEgMWPznF9SHanz9:L1wtmDyLghn3nLjYFbIv8d/fs6S4zA/L
                                                                            MD5:F229CEA83A764CB2BBD1D411C0B62E36
                                                                            SHA1:95CCCA1A99BCAECF088167ADB1FDBE10C2101F2E
                                                                            SHA-256:27FEF35C04C9499173748ED4C0B7AD2AC649F172D817252FA61CC63B430F87BE
                                                                            SHA-512:E86B52D3D7837797E2866E171C550F29ACCDD473C239F54939B64BFBE2DAE801D07C826134184436B4AEC94FB49B94F05F3907F41015624EFB0D8E768EB505FC
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Thu Feb 1 11:46:36 2024, mtime=Mon Feb 5 10:02:16 2024, atime=Thu Feb 1 11:46:36 2024, length=16767280, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):928
                                                                            Entropy (8bit):4.570278517518334
                                                                            Encrypted:false
                                                                            SSDEEP:12:8vsDucC0YXf+h9qQdpF44/JrnE5qEXHf8fOJa2p/jA03lPDRbbdpo8YdJjJBBmV:8kyqd8SG06AaBdYXBm
                                                                            MD5:BF90DCAD67CE1E02A2AB6ABC9ED33F94
                                                                            SHA1:45EA5D958F166B5061829CA4543833430F259A60
                                                                            SHA-256:CC666B9D4B7D9B24C4791F0039CE69BA84E81735D199BBD7F4ADD1FD226EEDDD
                                                                            SHA-512:D0C1626430188C39185B1C8611EFF507CEF9F5FF936D6F0CBC2EF671803FB7D1D0B0DD1ADB1F22306A3B955C47083EBE1BD3F9AC2611F6D350349421A8A43638
                                                                            Malicious:false
                                                                            Preview:L..................F.... ........U......"X.......U..0............................P.O. .:i.....+00.../C:\.....................1.....EX.X..PROGRA~1..t......O.IEX.X....B...............J.....P(..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....EX.X..Wildix..>......EX.XEX.X....i.....................P(..W.i.l.d.i.x.....\.1.....EXGX..WISERV~1..D......EX.XEXGX..............................W.I.S.e.r.v.i.c.e.....h.2.0...AX.e .WISERV~1.EXE..L......AX.eEX.X..............................w.i.s.e.r.v.i.c.e...e.x.e.......^...............-.......]............:L......C:\Program Files\Wildix\WIService\wiservice.exe......\.w.i.s.e.r.v.i.c.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e...-.-.p.r.o.x.y.e.x.`.......X.......048707...........hT..CrF.f4... .{s.......,.......hT..CrF.f4... .{s.......,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3039004, page size 1024, file counter 3247, database pages 22038, cookie 0x1c6, schema 4, UTF-8, version-valid-for 3247
                                                                            Category:dropped
                                                                            Size (bytes):22566912
                                                                            Entropy (8bit):6.156856755685782
                                                                            Encrypted:false
                                                                            SSDEEP:49152:LweRjXxSuAId92j0CeSg0np8atm8SsANGC1KuD1+U68rNMgT9A4VMD5uuTopBtlw:DyhI8GUp8atPOG6VhvcgIHRH
                                                                            MD5:3241A121BCF26F5E8B36663E3056B2CA
                                                                            SHA1:FAF689142817E79961EE45D61D40EF0204488D89
                                                                            SHA-256:DE37FC1A3B827F05BFF563D523CBA8007272462C24C9C1939F9B1FD13F789088
                                                                            SHA-512:03530AE86E5342FF84494BEF17EEDE041D918A0193357711076649493B9020A5729CCF0737BD226B8A32ED7D88E342316050DEE9C8CD13A3AE281C2B7FE2C562
                                                                            Malicious:false
                                                                            Preview:SQLite format 3......@ ......V..................................................................._...........V.............................................................................................................................................>.......StableFILTERSFILTERS.CREATE TABLE FILTERS (...ID BIGINT NOT NULL,...NAME VARCHAR(128) NOT NULL,...DESCRIPTION CLOB(2147483647),...STATE CLOB(2147483647) NOT NULL,...PRIMARY KEY (ID)..)-...A...indexsqlite_autoindex_FILTERS_1FILTERS.........w...##..5tableEVENTS_TAGSEVENTS_TAGS.CREATE TABLE EVENTS_TAGS (...EVENT_ID INTEGER NOT NULL,...TAG_ID INTEGER NOT NULL..).n...%%...tableEVENTS_STATSEVENTS_STATS.CREATE TABLE EVENTS_STATS (...ID INTEGER NOT NULL,...DAY INTEGER NOT NULL,...DATE DATE NOT NULL,...MIN_ID INTEGER NOT NULL,...MAX_ID INTEGER NOT NULL,...COMPLETE TINYINT NOT NULL,...PRIMARY KEY (ID)..). ........tableCLASSESCLASSES.CREATE TABLE CLASSES (...ID INTEGER NOT NULL,...NAME VARCHAR(255) NOT NULL,...NAME_LOWER VARCHAR(2...86...+,.
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):260912
                                                                            Entropy (8bit):5.8337506167432664
                                                                            Encrypted:false
                                                                            SSDEEP:3072:MLixO6zz8t4OXDegbQy058MP2pZrCmrrDse0ecdfF7b2gqEiyDvSmqtNlVusC51k:zn8nDenoRXoJF3bqEiyzZ5m1FsgUvkp
                                                                            MD5:A5EF342059E4FE4AF92F25D7E56702E2
                                                                            SHA1:314B5FBD3B41FDBE0E08EFF3A80244ECB5BE842E
                                                                            SHA-256:503DE37474E0623ADF4A26A55EAD568E986FB435EE554B3C13E0BC409A336224
                                                                            SHA-512:979E3233491D449BA38F363D290357E741675FAE40FE6878440274DFD1C867850300E6B186A2BBF049525CD951F76508725D180C64029641BB3EA25DD761B504
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:MS Windows icon resource - 13 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):175221
                                                                            Entropy (8bit):3.6057445859805903
                                                                            Encrypted:false
                                                                            SSDEEP:1536:Fpznextut/yGjfT8nUa/XIHlbeA5yN6zHW156G6:vzeytxjQ9XA53HW15x6
                                                                            MD5:CE4C0FAC424ECDAFD490544CF10593B6
                                                                            SHA1:96B32682A928D5A9229B93586478A31E08B423F4
                                                                            SHA-256:A9BAE457E58D8BAB5FB10A3A6AE67D4453CECCECBE81C5AD066E86AAFD11A45A
                                                                            SHA-512:0F1BBF2C115CB9128594647FB9138B876E896B01CC86237EB00A695E38671955D718C4F9A712B4C0DD6CD40C99ABBC00B0442E5B192562B622EB3B9A660B228F
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:MS Windows icon resource - 13 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):99667
                                                                            Entropy (8bit):6.776502745804188
                                                                            Encrypted:false
                                                                            SSDEEP:3072:RcfWrQG1GFkTvQnKKjRCFpgqmKN5+x3pJY:ufct1GF9n6FKqmrx3pi
                                                                            MD5:8F898251C85EE83FE4CEF753AD127FEE
                                                                            SHA1:965419910C1929CF695C530456950616B85596C5
                                                                            SHA-256:31DEE18EA1C5E7723DB0C13C630517963E79930474B275322A0CDE686C5953B5
                                                                            SHA-512:4397158E3EBA45B7CD27E931F353D72042B154416036874824CC1469FA9D533C4E67B7ED81A0A9EDB480F667A9716AE999D54B3F36EA1375344BB0E944AC8102
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):16767280
                                                                            Entropy (8bit):6.686063342946655
                                                                            Encrypted:false
                                                                            SSDEEP:196608:hlaCVvR44YQTR6ANlw35TXgYMzMc+tjieX1UjYyRg1:hnVvRlkANlwlXBtjP1SQ
                                                                            MD5:0BC9CDC14493914B549C5F2FFCAD4DC6
                                                                            SHA1:940CB401C12B265EF078792C1261F10314105963
                                                                            SHA-256:93F680F9C1354E1B9EDB9CBB622C15617F63B92B94CC5BBE8AC48B013FEEAB36
                                                                            SHA-512:37D06F400BCC90E6EBDEF2FFB30B9E6340E3D9BE3249A05E44C8BE175165E70CA33C9489C0023D7708FF84B49F06680A75410BE73E6C1542D8CBC965BE19F702
                                                                            Malicious:true
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                            Category:dropped
                                                                            Size (bytes):207760
                                                                            Entropy (8bit):6.4085333829790425
                                                                            Encrypted:false
                                                                            SSDEEP:6144:4xJ/R9PV9qWAEWgX+RyhJs1DC0/R2eGHSWCICTDCqK79yUiG7F3kzudR1aw9M0TU:4n/R999qWAEWgX+RyhJsVC0/R2eGHSWU
                                                                            MD5:F214B5E008F3D23F4F01951247BAE991
                                                                            SHA1:DB7928B37992CD0635AB5FC1E89547C6BE813B55
                                                                            SHA-256:CED79B247B0C8DE449312B7CF5690E8E9DA968F22CC722DA70124BDF2A84C427
                                                                            SHA-512:FA5211DF2922ABC3C5091E2098DF5FAD9681E2CDC8A3287AEC49F8694B11B776A2001DED052995A34E5EF52B55A207E6069393DD9BAAEFB82CEFC98824BC7774
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu Feb 1 11:47:08 2024, mtime=Mon Feb 5 10:02:12 2024, atime=Thu Feb 1 11:47:08 2024, length=161856, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):1955
                                                                            Entropy (8bit):3.399482908672217
                                                                            Encrypted:false
                                                                            SSDEEP:24:8WHUqd8RGmATEyAthdahidVdahBufdah6CS5SqBm:8WHUqdaGm8ERthdahidVdahB2dahfKJ
                                                                            MD5:F4BB87172EDEB37703FF1A40E55CFB39
                                                                            SHA1:71D66ED834653570EC99BFAB1C494AF6FF254CAC
                                                                            SHA-256:DDBC6544EB8659754DD594D517E1649554FA81ECCA4D415F80E695590FE11238
                                                                            SHA-512:30AC9A62A750B0421EE662D92DCE9251449713B378DA7949166DE41F0ECE38B158B153E19F0DFCDB987449E011C5E23F5856C7AF353D66689608C44AC5E45BD6
                                                                            Malicious:false
                                                                            Preview:L..................F.@.. ....n+..U..{).."X...n+..U..@x...........................P.O. .:i.....+00.../C:\.....................1.....EX.X..PROGRA~1..t......O.IEX.X....B...............J.....P(..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....EX.X..Wildix..>......EX.XEX.X....i.....................P(..W.i.l.d.i.x.....\.1.....EXGX..WISERV~1..D......EX.XEXGX..............................W.I.S.e.r.v.i.c.e.....z.2.@x..AX.e .UNINST~1.EXE..^......AX.eEXGX.............................U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e.......g...............-.......f............:L......C:\Program Files\Wildix\WIService\UninstallWIService.exe..J.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.8.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e...
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):2370
                                                                            Entropy (8bit):5.15780962048576
                                                                            Encrypted:false
                                                                            SSDEEP:24:DV4Z4BIzMKQR+vlQR+gjCqQR+2QRlD+Gdzl2+GQg+Gre+GCX/+lQBo8DrG+QGwap:Y/JcdxdYPrGCXXonaePJZRWIPgqPg
                                                                            MD5:73A096358591C1E63F013EF8AA517B33
                                                                            SHA1:CEFE53F5C868FAD625DB9C2DE19702AE71BE7D21
                                                                            SHA-256:2030EDF4928F2416303CC2BA519F7AD9CCC42DFADCC2120BDADD830DCD4BB009
                                                                            SHA-512:60C2AA7BB80BF18EC58DC51CB69C6F1831D5331D9BA361F399A9E4C03AC09761992C9790F6F04F3F951635CD5408C81BDA509055FCEA87E1FAFE62C6CCFF8358
                                                                            Malicious:false
                                                                            Preview:05/02/2024 12:02:17.110531|00001|info |DispatcherServiceImpl.cpp:27 (main) ------------..05/02/2024 12:02:17.110531|00001|info |DispatcherServiceImpl.cpp:28 (main) WIService Dispatcher 3.17.7.1 (Feb 1 2024 12:41:48)..05/02/2024 12:02:17.126143|00001|info |UtilsInternal.cpp:37 (main) OS: Windows 10 Pro 10.0.19045 64bit..05/02/2024 12:02:17.126143|00001|info |UtilsInternal.cpp:38 (main) total memory: 8191 MiB..05/02/2024 12:02:17.126143|00001|info |UtilsInternal.cpp:39 (main) number of cpu threads: 4..05/02/2024 12:02:17.126143|00001|info |UtilsInternal.cpp:40 (main) cpu 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..05/02/2024 12:02:17.126143|00001|info |DispatcherServiceImpl.cpp:30 (main) base dir: C:\Program Files\Wildix\WIService..05/02/2024 12:02:17.126143|00001|info |DispatcherServiceImpl.cpp:31 (main) writable dir: C:\ProgramData\Wildix\WIService..05/02/2024 12:02:17.126143|00001|info |DispatcherServiceImpl.cpp:32 (
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):56
                                                                            Entropy (8bit):4.355851127144314
                                                                            Encrypted:false
                                                                            SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                            MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                            SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                            SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                            SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                            Malicious:false
                                                                            Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):56
                                                                            Entropy (8bit):4.355851127144314
                                                                            Encrypted:false
                                                                            SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                            MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                            SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                            SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                            SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                            Malicious:false
                                                                            Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:ASCII text, with very long lines (319), with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1834
                                                                            Entropy (8bit):5.334336661696273
                                                                            Encrypted:false
                                                                            SSDEEP:24:DV989uev9e9C5m9y6MM91YiCnCXzg9KKE8SK5en0PmX9XzUPogGn/Py/W+XzUPod:u15jL6uCX886e8mX9oggGXYHoggy
                                                                            MD5:7539B450BFE75E60267A331B78693D0A
                                                                            SHA1:7E4DC4370F0BB95FA759F76A0080BD7D85E521D7
                                                                            SHA-256:4672535B67E774E095C1578D6F3EC8AC6A80E9723CA95C7CF5BE93C58135F09B
                                                                            SHA-512:F3E0C9773385F5E24846D7C30E61D078B6CD00FAA0BDE332EF8F8805E6B86F4F9BAF31AF279D038519B87841176580F54B258E4790BAEA3104F4DF8FBAECCBFA
                                                                            Malicious:false
                                                                            Preview:05/02/2024 12:02:15.878773|00001|info |WinHostServiceImpl.hpp:26 (host_svc) ------------..05/02/2024 12:02:15.878773|00001|info |WinHostServiceImpl.hpp:27 (host_svc) WIService Svc 3.17.7.1..05/02/2024 12:02:15.878773|00001|info |WinHostServiceImpl.hpp:28 (host_svc) debugger is not attached..05/02/2024 12:02:15.878773|00001|info |WinHostServiceImpl.hpp:29 (host_svc) starting windows service host..05/02/2024 12:02:15.878773|00002|info |WinHostServiceImpl.hpp:57 (svc_main) starting service..05/02/2024 12:02:15.878773|00002|info |WinServiceImpl.cpp:16 (svc_main) killing all non userspace wiservices..05/02/2024 12:02:16.566285|00002|warn |WinServiceImpl.cpp:31 (svc_main) !WARNING! detected 1 system wiservices..05/02/2024 12:02:16.566285|00002|info |WinServiceImpl.cpp:33 (svc_main) killing wiservice 6296..05/02/2024 12:02:16.566285|00002|info |WinServiceImpl.cpp:110 (svc_main) service has been started..05/02/2024 1
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):630
                                                                            Entropy (8bit):4.854881238292933
                                                                            Encrypted:false
                                                                            SSDEEP:6:DkMHgauxQItzAAmTuWlMHgauxzwuvVkKRMa6gQlMPuxzwuvVkKRMayP0QlMluxzO:DVHvyt0G1HvBuNxDnPBuNxTnlBuNxLxy
                                                                            MD5:BC3F8B3162219C1324CC60B1EBA2C962
                                                                            SHA1:E05FC6E3E80FC652008AC1E59DE10AFFC97149E9
                                                                            SHA-256:79BFC7A4A46A0DBDD93D5737E26C03381BDBD5B95520C613590ED541887856C4
                                                                            SHA-512:DE608830AA823A1B6317F7E4DC373E2B991B2E2A435B32E1236B019E61BDD9F5FDE5B4CFD2848A9EDD078C623C678CBC9D89FD5BF703E812FC275502A7B16C90
                                                                            Malicious:false
                                                                            Preview:05/02/2024 12:02:14.500947|00001|info |Updater.cpp:32 (Updater) Starting updater... Update dir: C:\Program Files\Wildix\updates..05/02/2024 12:02:14.500947|00001|info |Updater.cpp:116 (Updater) Checking update data https://files.wildix.com/integrations/integrations.json..05/02/2024 12:02:15.141518|00001|info |Updater.cpp:116 (Updater) Checking update data https://files.wildix.com/integrations/applications.json..05/02/2024 12:02:15.750901|00001|info |Updater.cpp:116 (Updater) Checking update data https://files.wildix.com/integrations/x-beesNativeApp.json..
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1986
                                                                            Entropy (8bit):5.092925186441616
                                                                            Encrypted:false
                                                                            SSDEEP:48:2D1ZD1vEp6pceppnD1CuLzUO7mof1spiyFTybYyO1W:2zvAecqLjHmssvFuzQW
                                                                            MD5:AE2F29B98DC94E2F11C71E877ACD4949
                                                                            SHA1:9BF57D9317747D28D4FDA1713752C89CDBB3E8DC
                                                                            SHA-256:E79A1C4CD6BC5DCD2AABB13CB8CF9ABF340046676D5AD8EA050291B31F9E3544
                                                                            SHA-512:3D0BE1CBDCA37DCC0C2E79B398331DE1E4319C0D7E9B5C5C52050D82272B1B7A5B9E9E8AE4AF7F0F6A670461247EC2A8BC80D593BE3E6C2755BAC12404D4D105
                                                                            Malicious:false
                                                                            Preview:05/02/2024 12:02:17.100849|00001|info |WatchdogServiceImpl.cpp:36 (main) ------------..05/02/2024 12:02:17.100849|00001|info |WatchdogServiceImpl.cpp:37 (main) WIService Watchdog 3.17.7.1 (Feb 1 2024 12:41:48)..05/02/2024 12:02:17.100849|00001|info |UtilsInternal.cpp:37 (main) OS: Windows 10 Pro 10.0.19045 64bit..05/02/2024 12:02:17.100849|00001|info |UtilsInternal.cpp:38 (main) total memory: 8191 MiB..05/02/2024 12:02:17.100849|00001|info |UtilsInternal.cpp:39 (main) number of cpu threads: 4..05/02/2024 12:02:17.100849|00001|info |UtilsInternal.cpp:40 (main) cpu 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..05/02/2024 12:02:17.100849|00001|info |WatchdogServiceImpl.cpp:39 (main) base dir: C:\Program Files\Wildix\WIService..05/02/2024 12:02:17.116494|00001|info |WatchdogServiceImpl.cpp:40 (main) writable dir: C:\ProgramData\Wildix\WIService..05/02/2024 12:02:17.116494|00001|info |WatchdogServiceImpl.cpp:41 (ma
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):56
                                                                            Entropy (8bit):4.355851127144314
                                                                            Encrypted:false
                                                                            SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                            MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                            SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                            SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                            SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                            Malicious:false
                                                                            Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):56
                                                                            Entropy (8bit):4.355851127144314
                                                                            Encrypted:false
                                                                            SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                            MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                            SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                            SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                            SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                            Malicious:false
                                                                            Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                            Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):42
                                                                            Entropy (8bit):4.0050635535766075
                                                                            Encrypted:false
                                                                            SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                            MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                            SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                            SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                            SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                            Malicious:false
                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):12288
                                                                            Entropy (8bit):5.814115788739565
                                                                            Encrypted:false
                                                                            SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                            MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                            SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                            SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                            SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PC bitmap, Windows 3.x format, 165 x 57 x 24, image size 28272, resolution 2835 x 2835 px/m, cbSize 28326, bits offset 54
                                                                            Category:dropped
                                                                            Size (bytes):28326
                                                                            Entropy (8bit):2.5710862958427496
                                                                            Encrypted:false
                                                                            SSDEEP:192:R5ZzmIhanXqiRFlbiRoXt7m4ju119MiieiK35JW0U1JIhuauz3A:R5Zz5QX1FtiRytSEu9Miiq5JW9IhuBQ
                                                                            MD5:EE5DCD5040C0616D92FA8E7A3344D455
                                                                            SHA1:D2A13B9E9965C99E9637FFE0CFDC54A791B0944D
                                                                            SHA-256:DAA94974E168B4D92C281BA0B774390C9E052833926E22929CD5A4569A0ECB97
                                                                            SHA-512:23CB22368B444E00EE5EAC5D86427801312550A1ACDF5652756A88205A32E862D9D636877323AA6503DA660107305036AFE7E7C79B9586160362E50AD138DB68
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                                                                            Category:dropped
                                                                            Size (bytes):26494
                                                                            Entropy (8bit):1.9568109962493656
                                                                            Encrypted:false
                                                                            SSDEEP:24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
                                                                            MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                            SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                            SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                            SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):9728
                                                                            Entropy (8bit):5.158136237602734
                                                                            Encrypted:false
                                                                            SSDEEP:96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
                                                                            MD5:6C3F8C94D0727894D706940A8A980543
                                                                            SHA1:0D1BCAD901BE377F38D579AAFC0C41C0EF8DCEFD
                                                                            SHA-256:56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2
                                                                            SHA-512:2094F0E4BB7C806A5FF27F83A1D572A5512D979EEFDA3345BAFF27D2C89E828F68466D08C3CA250DA11B01FC0407A21743037C25E94FBE688566DD7DEAEBD355
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):7168
                                                                            Entropy (8bit):5.298362543684714
                                                                            Encrypted:false
                                                                            SSDEEP:96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW
                                                                            MD5:675C4948E1EFC929EDCABFE67148EDDD
                                                                            SHA1:F5BDD2C4329ED2732ECFE3423C3CC482606EB28E
                                                                            SHA-256:1076CA39C449ED1A968021B76EF31F22A5692DFAFEEA29460E8D970A63C59906
                                                                            SHA-512:61737021F86F54279D0A4E35DB0D0808E9A55D89784A31D597F2E4B65B7BBEEC99AA6C79D65258259130EEDA2E5B2820F4F1247777A3010F2DC53E30C612A683
                                                                            Malicious:false
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):38
                                                                            Entropy (8bit):3.8924071185928772
                                                                            Encrypted:false
                                                                            SSDEEP:3:z0Nc4Ac+q:wNcLc+q
                                                                            MD5:79BC2DAD2D6C0232998EF454D71C4DBD
                                                                            SHA1:6A026317AC5B65340BA4F744E7DE9631EA25D504
                                                                            SHA-256:19C594461EC7DE3526592D1666788F41B5286995BD1BCAE55D05E84714531E1A
                                                                            SHA-512:E8BDEF565DB12684DEAC6E98875419056A7BA790228720D87338913C2D871187493AAAC1F8267CC91EE43102419EB8A7792D256C2E89703707C4F0AC89248B78
                                                                            Malicious:false
                                                                            Preview:websocket:8888;lotus:9901;oiwss:8888..
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:ASCII text, with very long lines (451), with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):9735
                                                                            Entropy (8bit):5.383796228092828
                                                                            Encrypted:false
                                                                            SSDEEP:192:Y5UlxYjLmB65F9aXtkt2Ei+bMFnX6Fb2IYtRuUKbp7eF9eI9:YiEjLmB6T9aKYFnX6Fvu9Kd76F9
                                                                            MD5:DB69C1FC44C4DBBE25B700FC7D4C8931
                                                                            SHA1:581D9BFB20B9DA1E90D33071AB4390FF570B45C4
                                                                            SHA-256:4AFDFA14866677600E1D64A30172FD3EA975473B4E02C6AC3E5DE7B6A5301166
                                                                            SHA-512:CDCDD46DFD27BDB2B7B70FB2DE744C81AE08194631CDAEF566FEBF1D6BEDE6D7F2CB5661172E4FD2DE590A600B2235E16D5F9D5368B6C32E38CB6CE6B804F791
                                                                            Malicious:false
                                                                            Preview:05/02/2024 12:02:20.719977|00001|info |WebSocketServiceImpl.cpp:43 (main) ------------..05/02/2024 12:02:20.735596|00001|info |WebSocketServiceImpl.cpp:44 (main) WIService 3.17.7.1 (Feb 1 2024 12:41:49)..05/02/2024 12:02:20.735596|00001|info |UtilsInternal.cpp:37 (main) OS: Windows 10 Pro 10.0.19045 64bit..05/02/2024 12:02:20.735596|00001|info |UtilsInternal.cpp:38 (main) total memory: 8191 MiB..05/02/2024 12:02:20.735596|00001|info |UtilsInternal.cpp:39 (main) number of cpu threads: 4..05/02/2024 12:02:20.735596|00001|info |UtilsInternal.cpp:40 (main) cpu 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..05/02/2024 12:02:20.735596|00001|info |UtilsInternal.cpp:45 (main) websocket info: WebSocket++/0.8.2..05/02/2024 12:02:20.735596|00001|info |UtilsInternal.cpp:46 (main) ssl info: OpenSSL 1.1.1u 30 May 2023..05/02/2024 12:02:20.735596|00001|info |WebSocketServiceImpl.cpp:47 (main) base dir: C:\Program Fi
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):796
                                                                            Entropy (8bit):4.660482600315356
                                                                            Encrypted:false
                                                                            SSDEEP:12:Jh0vpUU2JEGtUwXdWVOryZ7EdxIf/l1NIH51QgGQvoX1Sui/U+1aS4VKuCGIdK5i:JMZWmLOu/l1aZ1QDQvQXi/U+1q8mIK8
                                                                            MD5:4D2B6F0A9829135E4FBF2CEEFA308DCD
                                                                            SHA1:DC5D9CB58D7FC320CB0B31EFF346AB90D58077E9
                                                                            SHA-256:A7EC9CAB66D98B25D3426A3D0BF07818197732CEEA0DE4B9CEC87A1906ABB52B
                                                                            SHA-512:08DEFA158B3F8AD488F76C4AB9857FB0990EF6D8D2B3BE8D19BCDE3ED8268682411E98ADB0C92DFCA46C6F2BAE18F2B9EE013200CF9C3DEF25CCE31267683AA7
                                                                            Malicious:false
                                                                            Preview:{. "activityDetection": {. "enable": false,. "interval": 0. },. "activity_detection_force_disable": false,. "authorizedApps": {. "outlook_presence": {. "host": "localhost",. "lastConnect": 1707138066,. "link": "https://localhost/outlook_presence",. "port": 0,. "secure": true,. "version": "3.17.7". },. "outlook_sync": {. "lastConnect": 1707138065,. "version": "". }. },. "connection_issue": "none",. "ext": "",. "feedbackEmail": "",. "garbage_lifespan_days": 14,. "headset": {},. "hotkeys": {. "actions": {. "call": "F11". },. "requirements": {}. },. "http_max_threads": 4,. "log_level": "info",. "log_max_kb": 10240,. "log_str": "099e61fb-c6dd-424c-a52e-746f90c877c6",. "pbx": "",. "setIconTryCount": 0.}
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:JSON data
                                                                            Category:modified
                                                                            Size (bytes):796
                                                                            Entropy (8bit):4.660482600315356
                                                                            Encrypted:false
                                                                            SSDEEP:12:Jh0vpUU2JEGtUwXdWVOryZ7EdxIf/l1NIH51QgGQvoX1Sui/U+1aS4VKuCGIdK5i:JMZWmLOu/l1aZ1QDQvQXi/U+1q8mIK8
                                                                            MD5:4D2B6F0A9829135E4FBF2CEEFA308DCD
                                                                            SHA1:DC5D9CB58D7FC320CB0B31EFF346AB90D58077E9
                                                                            SHA-256:A7EC9CAB66D98B25D3426A3D0BF07818197732CEEA0DE4B9CEC87A1906ABB52B
                                                                            SHA-512:08DEFA158B3F8AD488F76C4AB9857FB0990EF6D8D2B3BE8D19BCDE3ED8268682411E98ADB0C92DFCA46C6F2BAE18F2B9EE013200CF9C3DEF25CCE31267683AA7
                                                                            Malicious:false
                                                                            Preview:{. "activityDetection": {. "enable": false,. "interval": 0. },. "activity_detection_force_disable": false,. "authorizedApps": {. "outlook_presence": {. "host": "localhost",. "lastConnect": 1707138066,. "link": "https://localhost/outlook_presence",. "port": 0,. "secure": true,. "version": "3.17.7". },. "outlook_sync": {. "lastConnect": 1707138065,. "version": "". }. },. "connection_issue": "none",. "ext": "",. "feedbackEmail": "",. "garbage_lifespan_days": 14,. "headset": {},. "hotkeys": {. "actions": {. "call": "F11". },. "requirements": {}. },. "http_max_threads": 4,. "log_level": "info",. "log_max_kb": 10240,. "log_str": "099e61fb-c6dd-424c-a52e-746f90c877c6",. "pbx": "",. "setIconTryCount": 0.}
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:ASCII text, with CRLF, LF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):857
                                                                            Entropy (8bit):4.712765723284222
                                                                            Encrypted:false
                                                                            SSDEEP:24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTto:vDZhyoZWM9rU5fFcr
                                                                            MD5:9AC77B45979A66F73EDB70B72908A616
                                                                            SHA1:8B22CFA695F10D31B8300C06790B728A4E209324
                                                                            SHA-256:A7777E702D4BEAD5529BFC2D026BFA2088BB64A5504DAFB57EF308CE92469E20
                                                                            SHA-512:C01644C1C13F7126ED455D76A63CD3CEEB314D74265256B07AC7120F6DA512B1B632D4F21167B9E8C7AD106F75D1F20809A7B129BE6871441F8F3FF6A390CFFF
                                                                            Malicious:true
                                                                            Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost...127.0.0.1..wildixintegration.eu.
                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):7996
                                                                            Entropy (8bit):5.128824009655858
                                                                            Encrypted:false
                                                                            SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                            MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                            SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                            SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                            SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                            Malicious:false
                                                                            Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):23812
                                                                            Entropy (8bit):5.102231290969022
                                                                            Encrypted:false
                                                                            SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                            MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                            SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                            SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                            SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                            Malicious:false
                                                                            Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):14362
                                                                            Entropy (8bit):4.18034476253744
                                                                            Encrypted:false
                                                                            SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                            MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                            SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                            SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                            SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                            Malicious:false
                                                                            Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):59116
                                                                            Entropy (8bit):5.051886370413466
                                                                            Encrypted:false
                                                                            SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                            MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                            SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                            SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                            SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                            Malicious:false
                                                                            Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):2278
                                                                            Entropy (8bit):4.581866117244519
                                                                            Encrypted:false
                                                                            SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                            MD5:932F57E78976810729855CD1B5CCD8EF
                                                                            SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                            SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                            SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                            Malicious:false
                                                                            Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):531760
                                                                            Entropy (8bit):6.367827933112642
                                                                            Encrypted:false
                                                                            SSDEEP:12288:4TIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzIGc:4UJ/Cq2IT/PiP4dapV7LDU1
                                                                            MD5:EB32CA60A33C5E42DFE48BDCECAD1693
                                                                            SHA1:F16CD5CD50976CDF0C10BF654D7A36DA6D370BEE
                                                                            SHA-256:5D9A2926D0B540875774C72B9D162F91FC2C32D7294D380093E0AD10DA1161D5
                                                                            SHA-512:52F411D0A70CFEA456944DE57F143040B64C6546254FC697A5A8798998BCA3C95FC8F7995381E5819F5B1725B91F32A2BCA57B1BF2CAF2A5DC351ECD28756428
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):919344
                                                                            Entropy (8bit):5.989878340442409
                                                                            Encrypted:false
                                                                            SSDEEP:12288:2H0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+Mk:27Hdv3DyfhP2QgYPwo3Argk
                                                                            MD5:674D8D5F84EEB572A87CC24E9CFCCBD4
                                                                            SHA1:7CF572A409D99FCF622FEFEFC42E873C49EBBD4F
                                                                            SHA-256:E7486E9BB63841908D4DE5379FCB84EA80A1189E69A117B3180D44E05D3C92DF
                                                                            SHA-512:70BB7E1638CEE66E746393A9CD523BF303488DCF1AB16CD4B1B0C3FF5E7D110B245B3D523442EAFE12963793443101ACA2756F8BEDB4F257B314A67913AC4539
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):856368
                                                                            Entropy (8bit):5.595260812664481
                                                                            Encrypted:false
                                                                            SSDEEP:12288:39aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhb:NaBEGbL4Np84TQazCSiRhb
                                                                            MD5:B2C8E16D928A50B3E596CB64E2622EA1
                                                                            SHA1:2B9BC09C48E1BE32317584C7EE163A3D53C9E918
                                                                            SHA-256:9F82022FB2BC128B84FF396911308BEA5E063A78473E282964B08C7CB9D96045
                                                                            SHA-512:D1C9329174DB9F86E37F89E6CA485B0CBF4E75D96D404E6A943F33D58136E2F589CE665056C054E7BC84A8783E00F593C3C49BAD90361C725BE2106B5C91E22A
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):19336
                                                                            Entropy (8bit):4.312180794862161
                                                                            Encrypted:false
                                                                            SSDEEP:192:7mXKNT6+Y9QeSU83XGtzdHeQhlJqecM+Pu7HnjtoX2PSuNip:T6+LU832tzd+pnM+Pu7HGX2quNu
                                                                            MD5:42952F9CA5587C428EC9903387A02B8D
                                                                            SHA1:9522AEB7C2254FE643CB19C4E215AC05B1B6D638
                                                                            SHA-256:10F6033868215ACBD4715ED04D20A2F714D1BCA06B571D6A3BF4B1818D019E49
                                                                            SHA-512:19E61FF6D5CBE678F89926F753ADDE12054A2EAD8040A45B8AA8E13095A563BC514BBCB1E48624F8FE53AE064EBA51BAC716550D9028E2D9EFB2F8AF04BD2EC3
                                                                            Malicious:false
                                                                            Preview:.K.. DPGr...ta..I..)........................................z........... ...........................c.......@...J........$..4........)...........+..:........-...........-...........-...........-...........-...........6...........6...........6...........6...........6...........7...........WINNT_40.WINNT_50.WINNT_51.WINNT_60.PARSER_VER_1.0.C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.s.p.o.o.l.\.D.R.I.V.E.R.S.\.x.6.4.\.3.\.i.m.g.p.r.i.n.t...g.p.d...StdNames.gpdC.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.s.p.o.o.l.\.D.R.I.V.E.R.S.\.x.6.4.\.3.\.S.t.d.N.a.m.e.s...g.p.d...ORIENTATION_DISPLAY.PAPER_SIZE_DISPLAY.PAPER_SOURCE_DISPLAY.RESOLUTION_DISPLAY.MEDIA_TYPE_DISPLAY.TEXT_QUALITY_DISPLAY.COLOR_PRINTING_MODE_DISPLAY.PRINTER_MEMORY_DISPLAY.TWO_SIDED_PRINTING_DISPLAY.PAGE_PROTECTION_DISPLAY.HALFTONING_DISPLAY.OUTPUTBIN_DISPLAY.IMAGECONTROL_DISPLAY.PRINTDENSITY_DISPLAY.GRAPHICSMODE_DISPLAY.TEXTHALFTONE_DISPLAY.GRAPHICSHALFTONE_DISPLAY.PHOTOHALFTONE_DISPLAY.RCID_DMPAPER_SYSTEM_NAME.LETTER_DISPLAY.LETTERS
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):7996
                                                                            Entropy (8bit):5.128824009655858
                                                                            Encrypted:false
                                                                            SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                            MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                            SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                            SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                            SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                            Malicious:false
                                                                            Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):23812
                                                                            Entropy (8bit):5.102231290969022
                                                                            Encrypted:false
                                                                            SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                            MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                            SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                            SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                            SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                            Malicious:false
                                                                            Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):14362
                                                                            Entropy (8bit):4.18034476253744
                                                                            Encrypted:false
                                                                            SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                            MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                            SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                            SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                            SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                            Malicious:false
                                                                            Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):59116
                                                                            Entropy (8bit):5.051886370413466
                                                                            Encrypted:false
                                                                            SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                            MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                            SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                            SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                            SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                            Malicious:false
                                                                            Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):2278
                                                                            Entropy (8bit):4.581866117244519
                                                                            Encrypted:false
                                                                            SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                            MD5:932F57E78976810729855CD1B5CCD8EF
                                                                            SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                            SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                            SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                            Malicious:false
                                                                            Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):531760
                                                                            Entropy (8bit):6.367827933112642
                                                                            Encrypted:false
                                                                            SSDEEP:12288:4TIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzIGc:4UJ/Cq2IT/PiP4dapV7LDU1
                                                                            MD5:EB32CA60A33C5E42DFE48BDCECAD1693
                                                                            SHA1:F16CD5CD50976CDF0C10BF654D7A36DA6D370BEE
                                                                            SHA-256:5D9A2926D0B540875774C72B9D162F91FC2C32D7294D380093E0AD10DA1161D5
                                                                            SHA-512:52F411D0A70CFEA456944DE57F143040B64C6546254FC697A5A8798998BCA3C95FC8F7995381E5819F5B1725B91F32A2BCA57B1BF2CAF2A5DC351ECD28756428
                                                                            Malicious:false
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):919344
                                                                            Entropy (8bit):5.989878340442409
                                                                            Encrypted:false
                                                                            SSDEEP:12288:2H0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+Mk:27Hdv3DyfhP2QgYPwo3Argk
                                                                            MD5:674D8D5F84EEB572A87CC24E9CFCCBD4
                                                                            SHA1:7CF572A409D99FCF622FEFEFC42E873C49EBBD4F
                                                                            SHA-256:E7486E9BB63841908D4DE5379FCB84EA80A1189E69A117B3180D44E05D3C92DF
                                                                            SHA-512:70BB7E1638CEE66E746393A9CD523BF303488DCF1AB16CD4B1B0C3FF5E7D110B245B3D523442EAFE12963793443101ACA2756F8BEDB4F257B314A67913AC4539
                                                                            Malicious:false
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):856368
                                                                            Entropy (8bit):5.595260812664481
                                                                            Encrypted:false
                                                                            SSDEEP:12288:39aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhb:NaBEGbL4Np84TQazCSiRhb
                                                                            MD5:B2C8E16D928A50B3E596CB64E2622EA1
                                                                            SHA1:2B9BC09C48E1BE32317584C7EE163A3D53C9E918
                                                                            SHA-256:9F82022FB2BC128B84FF396911308BEA5E063A78473E282964B08C7CB9D96045
                                                                            SHA-512:D1C9329174DB9F86E37F89E6CA485B0CBF4E75D96D404E6A943F33D58136E2F589CE665056C054E7BC84A8783E00F593C3C49BAD90361C725BE2106B5C91E22A
                                                                            Malicious:false
                                                                            Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):939824
                                                                            Entropy (8bit):6.457805391696408
                                                                            Encrypted:false
                                                                            SSDEEP:12288:spcIN4eGbIp0dMAonEWorRdvfd+Xu6VrZUcu2jRwzjeL7i8XVbsT3zpf3ygLuITC:spv2OrkeL+8U3zpvyOuARdwvL
                                                                            MD5:7C62E287B2BBD9754AD0D9533A965439
                                                                            SHA1:9346098B7355326C60E7328F745511DB2BA68E5E
                                                                            SHA-256:E1160E18CE40E3522B800A477479210D6064364B6E02C37FD199E0DC6C99DDA1
                                                                            SHA-512:2ABF077460B3A311A889F1077FF33591192DC1C7449AD24AD3BCC31954EA7238686F876CBE42CFF638485172E853D06DAA76D602C4456F14C8CC914C86F2E5CE
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):7996
                                                                            Entropy (8bit):5.128824009655858
                                                                            Encrypted:false
                                                                            SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                            MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                            SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                            SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                            SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                            Malicious:false
                                                                            Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):23812
                                                                            Entropy (8bit):5.102231290969022
                                                                            Encrypted:false
                                                                            SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                            MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                            SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                            SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                            SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                            Malicious:false
                                                                            Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):14362
                                                                            Entropy (8bit):4.18034476253744
                                                                            Encrypted:false
                                                                            SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                            MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                            SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                            SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                            SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                            Malicious:false
                                                                            Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):59116
                                                                            Entropy (8bit):5.051886370413466
                                                                            Encrypted:false
                                                                            SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                            MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                            SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                            SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                            SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                            Malicious:false
                                                                            Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):2278
                                                                            Entropy (8bit):4.581866117244519
                                                                            Encrypted:false
                                                                            SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                            MD5:932F57E78976810729855CD1B5CCD8EF
                                                                            SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                            SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                            SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                            Malicious:false
                                                                            Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):531760
                                                                            Entropy (8bit):6.367827933112642
                                                                            Encrypted:false
                                                                            SSDEEP:12288:4TIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTzIGc:4UJ/Cq2IT/PiP4dapV7LDU1
                                                                            MD5:EB32CA60A33C5E42DFE48BDCECAD1693
                                                                            SHA1:F16CD5CD50976CDF0C10BF654D7A36DA6D370BEE
                                                                            SHA-256:5D9A2926D0B540875774C72B9D162F91FC2C32D7294D380093E0AD10DA1161D5
                                                                            SHA-512:52F411D0A70CFEA456944DE57F143040B64C6546254FC697A5A8798998BCA3C95FC8F7995381E5819F5B1725B91F32A2BCA57B1BF2CAF2A5DC351ECD28756428
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):919344
                                                                            Entropy (8bit):5.989878340442409
                                                                            Encrypted:false
                                                                            SSDEEP:12288:2H0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+Mk:27Hdv3DyfhP2QgYPwo3Argk
                                                                            MD5:674D8D5F84EEB572A87CC24E9CFCCBD4
                                                                            SHA1:7CF572A409D99FCF622FEFEFC42E873C49EBBD4F
                                                                            SHA-256:E7486E9BB63841908D4DE5379FCB84EA80A1189E69A117B3180D44E05D3C92DF
                                                                            SHA-512:70BB7E1638CEE66E746393A9CD523BF303488DCF1AB16CD4B1B0C3FF5E7D110B245B3D523442EAFE12963793443101ACA2756F8BEDB4F257B314A67913AC4539
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):856368
                                                                            Entropy (8bit):5.595260812664481
                                                                            Encrypted:false
                                                                            SSDEEP:12288:39aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinLhb:NaBEGbL4Np84TQazCSiRhb
                                                                            MD5:B2C8E16D928A50B3E596CB64E2622EA1
                                                                            SHA1:2B9BC09C48E1BE32317584C7EE163A3D53C9E918
                                                                            SHA-256:9F82022FB2BC128B84FF396911308BEA5E063A78473E282964B08C7CB9D96045
                                                                            SHA-512:D1C9329174DB9F86E37F89E6CA485B0CBF4E75D96D404E6A943F33D58136E2F589CE665056C054E7BC84A8783E00F593C3C49BAD90361C725BE2106B5C91E22A
                                                                            Malicious:false
                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                            Entropy (8bit):7.9950602442409116
                                                                            TrID:
                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:3.17.7+SetupWIService.exe
                                                                            File size:25'493'968 bytes
                                                                            MD5:8224e4849ac357d63c1a1d0e65678064
                                                                            SHA1:b47847707cfd70f755f7172948b959fbe12d64dc
                                                                            SHA256:40b896eb84804b37301266a61bbf511e9d50d345368e53943e6c7057126046ba
                                                                            SHA512:9d9c1eb12fd5041be7ce0281d2d478a6c87d1dc341337ef822cc91a03e9e95d57320e704c5fe13c1825d50ffe5b24cc0951dee3d932ab913bbfc0f6e8a248640
                                                                            SSDEEP:393216:ynLZPkTSAFgUKfTRaQE/czvI22K2tEkaOBujudLlJ1uFMfReswSbmUJkPmc3OIl8:yLZRbaQFzYra39jQ5J9fdxcpcTvSK
                                                                            TLSH:ED473302643446A7E5616230E9325F136BABFA54DC3325734D6B388FA718BA32376F4D
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j.........
                                                                            Icon Hash:336cacadb2965513
                                                                            Entrypoint:0x40352d
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:true
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:4
                                                                            OS Version Minor:0
                                                                            File Version Major:4
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:4
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:56a78d55f3f7af51443e58e0ce2fb5f6
                                                                            Signature Valid:true
                                                                            Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                            Signature Validation Error:The operation completed successfully
                                                                            Error Number:0
                                                                            Not Before, Not After
                                                                            • 29/09/2021 01:00:00 29/09/2024 00:59:59
                                                                            Subject Chain
                                                                            • CN=Wildix EE OU, O=Wildix EE OU, S=Harjumaa, C=EE
                                                                            Version:3
                                                                            Thumbprint MD5:E55C37638C7C0FF8823DB33F19D887EC
                                                                            Thumbprint SHA-1:FECCAC6BD522C81598A4C44307F6960E9C2DAE01
                                                                            Thumbprint SHA-256:82CECC21617A201B0F87783A802716469AD2F6CA6725513168445AF20F9E732C
                                                                            Serial:00C090271985B3889571FAD0EA7DF6AF45
                                                                            Instruction
                                                                            push ebp
                                                                            mov ebp, esp
                                                                            sub esp, 000003F4h
                                                                            push ebx
                                                                            push esi
                                                                            push edi
                                                                            push 00000020h
                                                                            pop edi
                                                                            xor ebx, ebx
                                                                            push 00008001h
                                                                            mov dword ptr [ebp-14h], ebx
                                                                            mov dword ptr [ebp-04h], 0040A2E0h
                                                                            mov dword ptr [ebp-10h], ebx
                                                                            call dword ptr [004080CCh]
                                                                            mov esi, dword ptr [004080D0h]
                                                                            lea eax, dword ptr [ebp-00000140h]
                                                                            push eax
                                                                            mov dword ptr [ebp-0000012Ch], ebx
                                                                            mov dword ptr [ebp-2Ch], ebx
                                                                            mov dword ptr [ebp-28h], ebx
                                                                            mov dword ptr [ebp-00000140h], 0000011Ch
                                                                            call esi
                                                                            test eax, eax
                                                                            jne 00007FB8E96BB78Ah
                                                                            lea eax, dword ptr [ebp-00000140h]
                                                                            mov dword ptr [ebp-00000140h], 00000114h
                                                                            push eax
                                                                            call esi
                                                                            mov ax, word ptr [ebp-0000012Ch]
                                                                            mov ecx, dword ptr [ebp-00000112h]
                                                                            sub ax, 00000053h
                                                                            add ecx, FFFFFFD0h
                                                                            neg ax
                                                                            sbb eax, eax
                                                                            mov byte ptr [ebp-26h], 00000004h
                                                                            not eax
                                                                            and eax, ecx
                                                                            mov word ptr [ebp-2Ch], ax
                                                                            cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                            jnc 00007FB8E96BB75Ah
                                                                            and word ptr [ebp-00000132h], 0000h
                                                                            mov eax, dword ptr [ebp-00000134h]
                                                                            movzx ecx, byte ptr [ebp-00000138h]
                                                                            mov dword ptr [00434FB8h], eax
                                                                            xor eax, eax
                                                                            mov ah, byte ptr [ebp-0000013Ch]
                                                                            movzx eax, ax
                                                                            or eax, ecx
                                                                            xor ecx, ecx
                                                                            mov ch, byte ptr [ebp-2Ch]
                                                                            movzx ecx, cx
                                                                            shl eax, 10h
                                                                            or eax, ecx
                                                                            Programming Language:
                                                                            • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x57000 | 0x191f8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x184d8a0 | 0x2930 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6897 | 0x6a00 | ce9df19df15aa7bfbc0a8d0af0b841d0 | False | 0.6661261792452831 | data | 6.458398214928006 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x14a6 | 0x1600 | a118375c929d970903c1204233b7583d | False | 0.4392755681818182 | data | 5.024109281264143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x2b018 | 0x600 | 82a10c59a8679bb952fc8316070b8a6c | False | 0.521484375 | data | 4.15458210408643 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x36000 | 0x21000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x57000 | 0x191f8 | 0x19200 | ed1f2dbc21e812ed07baa21108fd923e | False | 0.703076414800995 | data | 6.749045274445358 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x57400 | 0xbc2d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 1.0004359288398066
RT_ICON | 0x63030 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.34671705243268774
RT_ICON | 0x67258 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.3989626556016598
RT_ICON | 0x69800 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6720 | English | United States | 0.43402366863905323
RT_ICON | 0x6b268 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.5145403377110694
RT_ICON | 0x6c310 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.6281982942430704
RT_ICON | 0x6d1b8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.5819672131147541
RT_ICON | 0x6db40 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.7518050541516246
RT_ICON | 0x6e3e8 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 | English | United States | 0.6302325581395349
RT_ICON | 0x6eaa0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.7427745664739884
RT_ICON | 0x6f008 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6586879432624113
RT_ICON | 0x6f470 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.46236559139784944
RT_ICON | 0x6f758 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5574324324324325
RT_DIALOG | 0x6f880 | 0x200 | data | English | United States | 0.3984375
RT_DIALOG | 0x6fa80 | 0xf8 | data | English | United States | 0.6290322580645161
RT_DIALOG | 0x6fb78 | 0xa0 | data | English | United States | 0.60625
RT_DIALOG | 0x6fc18 | 0xee | data | English | United States | 0.6302521008403361
RT_GROUP_ICON | 0x6fd08 | 0xbc | data | English | United States | 0.6595744680851063
RT_MANIFEST | 0x6fdc8 | 0x42e | XML 1.0 document, ASCII text, with very long lines (1070), with no line terminators | English | United States | 0.5130841121495328
DLL | Import
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                            Feb 5, 2024 12:02:28.520318031 CET49773443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:28.520334959 CET4434977352.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:29.160535097 CET4434977352.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:29.165824890 CET49773443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:29.165848970 CET4434977352.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:29.169528961 CET4434977352.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:29.169615984 CET49773443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:29.170411110 CET49773443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:29.170600891 CET4434977352.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:29.170651913 CET49773443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:29.217906952 CET4434977352.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:29.224550962 CET49773443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:29.224570990 CET4434977352.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:29.271367073 CET49773443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:29.629730940 CET4434977352.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:29.629936934 CET4434977352.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:29.630002975 CET49773443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:29.630163908 CET49773443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:29.630177975 CET4434977352.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:29.630208969 CET49773443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:29.630215883 CET4434977352.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:29.984241009 CET49781443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:29.984338045 CET4434978152.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:29.984416962 CET49781443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:29.985002995 CET49781443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:29.985034943 CET4434978152.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:30.613378048 CET4434978152.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:30.614074945 CET49781443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:30.614120960 CET4434978152.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:30.617727041 CET4434978152.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:30.617808104 CET49781443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:30.618681908 CET49781443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:30.618874073 CET4434978152.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:30.619410992 CET49781443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:30.619421005 CET4434978152.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:30.661984921 CET49781443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:31.076626062 CET4434978152.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:31.076834917 CET4434978152.29.89.211192.168.2.4
                                                                            Feb 5, 2024 12:02:31.076914072 CET49781443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:31.077186108 CET49781443192.168.2.452.29.89.211
                                                                            Feb 5, 2024 12:02:31.077212095 CET4434978152.29.89.211192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 5, 2024 12:02:15.389775038 CET | 53421 | 53 | 192.168.2.4 | 1.1.1.1
Feb 5, 2024 12:02:15.511281013 CET | 53 | 53421 | 1.1.1.1 | 192.168.2.4
Feb 5, 2024 12:02:15.999794006 CET | 52192 | 53 | 192.168.2.4 | 1.1.1.1
Feb 5, 2024 12:02:16.118839025 CET | 53 | 52192 | 1.1.1.1 | 192.168.2.4
Feb 5, 2024 12:02:21.646609068 CET | 60161 | 53 | 192.168.2.4 | 1.1.1.1
Feb 5, 2024 12:02:21.765588999 CET | 53 | 60161 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Feb 5, 2024 12:02:15.389775038 CET | 192.168.2.4 | 1.1.1.1 | 0xf54c | Standard query (0) | files.wildix.com | A (IP address) | IN (0x0001) | false
Feb 5, 2024 12:02:15.999794006 CET | 192.168.2.4 | 1.1.1.1 | 0xc60 | Standard query (0) | files.wildix.com | A (IP address) | IN (0x0001) | false
Feb 5, 2024 12:02:21.646609068 CET | 192.168.2.4 | 1.1.1.1 | 0x5467 | Standard query (0) | feedback.wildix.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Feb 5, 2024 12:02:15.511281013 CET | 1.1.1.1 | 192.168.2.4 | 0xf54c | No error (0) | files.wildix.com | | 54.230.31.9 | A (IP address) | IN (0x0001) | false
Feb 5, 2024 12:02:15.511281013 CET | 1.1.1.1 | 192.168.2.4 | 0xf54c | No error (0) | files.wildix.com | | 54.230.31.82 | A (IP address) | IN (0x0001) | false
Feb 5, 2024 12:02:15.511281013 CET | 1.1.1.1 | 192.168.2.4 | 0xf54c | No error (0) | files.wildix.com | | 54.230.31.90 | A (IP address) | IN (0x0001) | false
Feb 5, 2024 12:02:15.511281013 CET | 1.1.1.1 | 192.168.2.4 | 0xf54c | No error (0) | files.wildix.com | | 54.230.31.73 | A (IP address) | IN (0x0001) | false
Feb 5, 2024 12:02:16.118839025 CET | 1.1.1.1 | 192.168.2.4 | 0xc60 | No error (0) | files.wildix.com | | 54.230.31.73 | A (IP address) | IN (0x0001) | false
Feb 5, 2024 12:02:16.118839025 CET | 1.1.1.1 | 192.168.2.4 | 0xc60 | No error (0) | files.wildix.com | | 54.230.31.9 | A (IP address) | IN (0x0001) | false
Feb 5, 2024 12:02:16.118839025 CET | 1.1.1.1 | 192.168.2.4 | 0xc60 | No error (0) | files.wildix.com | | 54.230.31.90 | A (IP address) | IN (0x0001) | false
Feb 5, 2024 12:02:16.118839025 CET | 1.1.1.1 | 192.168.2.4 | 0xc60 | No error (0) | files.wildix.com | | 54.230.31.82 | A (IP address) | IN (0x0001) | false
Feb 5, 2024 12:02:21.765588999 CET | 1.1.1.1 | 192.168.2.4 | 0x5467 | No error (0) | feedback.wildix.com | | 52.29.89.211 | A (IP address) | IN (0x0001) | false
Feb 5, 2024 12:02:21.765588999 CET | 1.1.1.1 | 192.168.2.4 | 0x5467 | No error (0) | feedback.wildix.com | | 52.28.144.133 | A (IP address) | IN (0x0001) | false
                                                                            • files.wildix.com
                                                                            • feedback.wildix.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49744 | 54.230.31.9 | 443 | 6296 | C:\Program Files\Wildix\WIService\wiservice.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:02:15 UTC | 85 | OUT | GET /integrations/integrations.json HTTP/1.1
Host: files.wildix.com
Accept: */*
2024-02-05 11:02:15 UTC | 615 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 7947
Connection: close
Last-Modified: Fri, 02 Feb 2024 11:07:00 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-version: 148
x-amz-version-id: v0iy2CHYsf06c.7NI6sXQTTp7FhhXNe.
Accept-Ranges: bytes
Server: AmazonS3
Date: Mon, 05 Feb 2024 10:54:03 GMT
ETag: "131ad9bf9648847e0450c21ebaad33d7"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 eec18dadf208b762f519cab1e8369c3c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL56-C3
X-Amz-Cf-Id: LQm0ftQxVa-taaN6A0nMDgiMAPqJ7KSfGFNf5HrZDvN_8vXcJ1aiog==
Age: 493
Vary: Origin
2024-02-05 11:02:15 UTC | 7947 | IN | Data Ascii: { "version": 148, "integrations": { "browserext": { "name": { "en": "Browser extension", "en-us": "Browser extension", "it": "Estensione del browser", "de": "Browser-Erweiterung", "fr": "Extension pour


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49747 | 54.230.31.73 | 443 | 6296 | C:\Program Files\Wildix\WIService\wiservice.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:02:16 UTC | 85 | OUT | GET /integrations/applications.json HTTP/1.1
Host: files.wildix.com
Accept: */*
2024-02-05 11:02:16 UTC | 617 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 820
Connection: close
Last-Modified: Fri, 15 Dec 2023 09:07:25 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-version: 2.6.4
x-amz-version-id: .S4ZIxVUraQ9wO.GUe5ChZuZDCDn0YEi
Accept-Ranges: bytes
Server: AmazonS3
Date: Mon, 05 Feb 2024 10:42:59 GMT
ETag: "02fe09c91b98dada388f27aa7b79958b"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 2e35e46999104454d42bab56b4746dbc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ATL56-C3
X-Amz-Cf-Id: Yz1_WSZmEVrd6wy5WrS3YwgTHwAEDuRJOap4e2A_TxtFPYK0AQeoZw==
Age: 1158
Vary: Origin
2024-02-05 11:02:16 UTC | 820 | IN | Data Ascii: { "version": 7, "applications": { "collaboration": { "win": { "version": "2.6.4", "certId": "6f769275524e9c3173df34a577400d349a598b8c5f961c3c7ce746642e7cbe4c", "file": "win/collab


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49753 | 52.29.89.211 | 443 | 3548 | C:\Program Files\Wildix\WIService\wiservice.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:02:22 UTC | 155 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
Host: feedback.wildix.com
Accept: */*
Content-Length: 534
Content-Type: application/x-www-form-urlencoded
2024-02-05 11:02:22 UTC | 534 | OUT | Data Ascii: event=wiServiceStarted&data={"appName":"wiservice","autoUpdate":"disabled","lastConnectedHost":"","lastConnectedTime":0,"version":"3.17.7.1"}&context={"cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","extension":"","installer":"exe","machineId":"6fba35a4-fd
2024-02-05 11:02:22 UTC | 360 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:02:22 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, authorization, content-type
Access-Control-Allow-Credentials: true
P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
2024-02-05 11:02:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49759 | 52.29.89.211 | 443 | 3548 | C:\Program Files\Wildix\WIService\wiservice.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:02:26 UTC | 155 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
Host: feedback.wildix.com
Accept: */*
Content-Length: 466
Content-Type: application/x-www-form-urlencoded
2024-02-05 11:02:26 UTC | 466 | OUT | Data Ascii: event=headsetIntegrationConnected&data={"appName":"headset","version":""}&context={"cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","extension":"","installer":"exe","machineId":"6fba35a4-fd22-4758-9015-e83220fe3878","messageId":"eb933d97-b240-415f-aa3a-2002
2024-02-05 11:02:26 UTC | 360 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:02:26 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, authorization, content-type
Access-Control-Allow-Credentials: true
P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
2024-02-05 11:02:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49763 | 52.29.89.211 | 443 | 3548 | C:\Program Files\Wildix\WIService\wiservice.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:02:27 UTC | 155 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
Host: feedback.wildix.com
Accept: */*
Content-Length: 416
Content-Type: application/x-www-form-urlencoded
2024-02-05 11:02:27 UTC | 416 | OUT | Data Ascii: event=headsetUpdateStop&context={"cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","extension":"","installer":"exe","machineId":"6fba35a4-fd22-4758-9015-e83220fe3878","messageId":"15f24004-9127-49e2-8efe-c366fe8f1e19","os":"Windows_NT","osBits":"64bit","osBu
2024-02-05 11:02:27 UTC | 360 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:02:27 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, authorization, content-type
Access-Control-Allow-Credentials: true
P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
2024-02-05 11:02:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
5 | 192.168.2.4 | 49767 | 52.29.89.211 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:02:27 UTC | 155 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
Host: feedback.wildix.com
Accept: */*
Content-Length: 384
Content-Type: application/x-www-form-urlencoded
2024-02-05 11:02:27 UTC | 384 | OUT | Data Ascii: event=outlookSyncStarted&context={"cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","extension":"","installer":"","machineId":"","messageId":"7ce71818-4fff-4353-b8cd-0061c0761083","os":"Windows_NT","osBits":"64bit","osBuild":"","osName":"Windows 10 Enterpris
2024-02-05 11:02:27 UTC | 360 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:02:27 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, authorization, content-type
Access-Control-Allow-Credentials: true
P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
2024-02-05 11:02:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
6 | 192.168.2.4 | 49773 | 52.29.89.211 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:02:29 UTC | 155 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
Host: feedback.wildix.com
Accept: */*
Content-Length: 502
Content-Type: application/x-www-form-urlencoded
2024-02-05 11:02:29 UTC | 502 | OUT | Data Ascii: event=outlookSyncLogMessage&data={"logMessageType":"loader_failed","message":"{\"description\":\"Couldn't get session object (0 profiles)\"}"}&context={"cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","extension":"","installer":"","machineId":"","messageId"
2024-02-05 11:02:29 UTC | 360 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:02:29 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, authorization, content-type
Access-Control-Allow-Credentials: true
P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
2024-02-05 11:02:29 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49781 | 52.29.89.211 | 443 | 3548 | C:\Program Files\Wildix\WIService\wiservice.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 11:02:30 UTC | 155 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
Host: feedback.wildix.com
Accept: */*
Content-Length: 489
Content-Type: application/x-www-form-urlencoded
2024-02-05 11:02:30 UTC | 489 | OUT | Data Ascii: event=outlookIntegrationConnected&data={"appName":"outlook","connectionType":"WSS","version":""}&context={"cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","extension":"","installer":"exe","machineId":"6fba35a4-fd22-4758-9015-e83220fe3878","messageId":"3c557
2024-02-05 11:02:31 UTC | 360 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 11:02:30 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: nginx/1.16.1
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, authorization, content-type
Access-Control-Allow-Credentials: true
P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
2024-02-05 11:02:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                            Target ID:0
                                                                            Start time:12:00:28
                                                                            Start date:05/02/2024
                                                                            Path:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:C:\Users\user\Desktop\3.17.7+SetupWIService.exe
                                                                            Imagebase:0x400000
                                                                            File size:25'493'968 bytes
                                                                            MD5 hash:8224E4849AC357D63C1A1D0E65678064
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Target ID:1
                                                                            Start time:12:00:28
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:cmd /C taskkill /F /IM WIService.exe
                                                                            Imagebase:0x240000
                                                                            File size:236'544 bytes
                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:2
                                                                            Start time:12:00:28
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:3
                                                                            Start time:12:00:28
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:taskkill /F /IM WIService.exe
                                                                            Imagebase:0x390000
                                                                            File size:74'240 bytes
                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            Target ID:4
                                                                            Start time:12:00:29
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:cmd /C taskkill /F /IM WIui.exe
                                                                            Imagebase:0x240000
                                                                            File size:236'544 bytes
                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:5
                                                                            Start time:12:00:29
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:6
                                                                            Start time:12:00:29
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:taskkill /F /IM WIui.exe
                                                                            Imagebase:0x390000
                                                                            File size:74'240 bytes
                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            Target ID:7
                                                                            Start time:12:00:29
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:cmd /C taskkill /F /IM wirtpproxy.exe
                                                                            Imagebase:0x240000
                                                                            File size:236'544 bytes
                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:8
                                                                            Start time:12:00:29
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:9
                                                                            Start time:12:00:29
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:taskkill /F /IM wirtpproxy.exe
                                                                            Imagebase:0x390000
                                                                            File size:74'240 bytes
                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            Target ID:10
                                                                            Start time:12:00:30
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:cmd /C taskkill /F /IM wiservice-ui.exe
                                                                            Imagebase:0x240000
                                                                            File size:236'544 bytes
                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:11
                                                                            Start time:12:00:30
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:12
                                                                            Start time:12:00:30
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:taskkill /F /IM wiservice-ui.exe
                                                                            Imagebase:0x390000
                                                                            File size:74'240 bytes
                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            Target ID:13
                                                                            Start time:12:00:30
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:cmd /C taskkill /F /IM vncsrv.exe
                                                                            Imagebase:0x240000
                                                                            File size:236'544 bytes
                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:14
                                                                            Start time:12:00:30
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:15
                                                                            Start time:12:00:30
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:taskkill /F /IM vncsrv.exe
                                                                            Imagebase:0x390000
                                                                            File size:74'240 bytes
                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:16
                                                                            Start time:12:00:30
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:cmd /C taskkill /F /IM WildixOutlookIntegration.exe
                                                                            Imagebase:0x240000
                                                                            File size:236'544 bytes
                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:17
                                                                            Start time:12:00:30
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:18
                                                                            Start time:12:00:31
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:taskkill /F /IM WildixOutlookIntegration.exe
                                                                            Imagebase:0x390000
                                                                            File size:74'240 bytes
                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:19
                                                                            Start time:12:00:31
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:cmd /C taskkill /F /IM WildixOutlookSync32.exe
                                                                            Imagebase:0x240000
                                                                            File size:236'544 bytes
                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:20
                                                                            Start time:12:00:31
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:21
                                                                            Start time:12:00:31
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:taskkill /F /IM WildixOutlookSync32.exe
                                                                            Imagebase:0x390000
                                                                            File size:74'240 bytes
                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:22
                                                                            Start time:12:00:31
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:cmd /C taskkill /F /IM WildixOutlookSync64.exe
                                                                            Imagebase:0x240000
                                                                            File size:236'544 bytes
                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:23
                                                                            Start time:12:00:31
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:24
                                                                            Start time:12:00:32
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:taskkill /F /IM WildixOutlookSync64.exe
                                                                            Imagebase:0x390000
                                                                            File size:74'240 bytes
                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:25
                                                                            Start time:12:00:35
                                                                            Start date:05/02/2024
                                                                            Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter
                                                                            Imagebase:0x7ff7ef8f0000
                                                                            File size:16'767'280 bytes
                                                                            MD5 hash:0BC9CDC14493914B549C5F2FFCAD4DC6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:26
                                                                            Start time:12:00:36
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\spoolsv.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\System32\spoolsv.exe
                                                                            Imagebase:0x7ff646ff0000
                                                                            File size:842'752 bytes
                                                                            MD5 hash:0D4B1E3E4488E9BDC035F23E1F4FE22F
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:28
                                                                            Start time:12:00:38
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\spoolsv.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\System32\spoolsv.exe
                                                                            Imagebase:0x7ff646ff0000
                                                                            File size:842'752 bytes
                                                                            MD5 hash:0D4B1E3E4488E9BDC035F23E1F4FE22F
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:false

                                                                            Target ID:30
                                                                            Start time:12:00:45
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
                                                                            Imagebase:0x21175810000
                                                                            File size:65'168 bytes
                                                                            MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:31
                                                                            Start time:12:00:45
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:33
                                                                            Start time:12:00:54
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:34
                                                                            Start time:12:00:56
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
                                                                            Imagebase:0x28c3ca10000
                                                                            File size:65'168 bytes
                                                                            MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:35
                                                                            Start time:12:00:56
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:36
                                                                            Start time:12:01:07
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
                                                                            Imagebase:0x2529a7b0000
                                                                            File size:65'168 bytes
                                                                            MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:37
                                                                            Start time:12:01:07
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:38
                                                                            Start time:12:01:19
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
                                                                            Imagebase:0x26d0a080000
                                                                            File size:65'168 bytes
                                                                            MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:39
                                                                            Start time:12:01:19
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:40
                                                                            Start time:12:01:29
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
                                                                            Imagebase:0x1ef77a60000
                                                                            File size:65'168 bytes
                                                                            MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:41
                                                                            Start time:12:01:29
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:42
                                                                            Start time:12:01:40
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
                                                                            Imagebase:0x20cc5370000
                                                                            File size:65'168 bytes
                                                                            MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:43
                                                                            Start time:12:01:40
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:44
                                                                            Start time:12:01:51
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
                                                                            Imagebase:0x1d5d4f80000
                                                                            File size:65'168 bytes
                                                                            MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:45
                                                                            Start time:12:01:51
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:47
                                                                            Start time:12:02:02
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
                                                                            Imagebase:0x19aa8190000
                                                                            File size:65'168 bytes
                                                                            MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:48
                                                                            Start time:12:02:02
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:49
                                                                            Start time:12:02:12
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\cmd.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
                                                                            Imagebase:0x7ff698080000
                                                                            File size:289'792 bytes
                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:50
                                                                            Start time:12:02:12
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:51
                                                                            Start time:12:02:13
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
                                                                            Imagebase:0x7ff76f990000
                                                                            File size:235'008 bytes
                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:52
                                                                            Start time:12:02:13
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\cmd.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                            Imagebase:0x7ff698080000
                                                                            File size:289'792 bytes
                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:53
                                                                            Start time:12:02:13
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:54
                                                                            Start time:12:02:13
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\netsh.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                            Imagebase:0x7ff6629a0000
                                                                            File size:96'768 bytes
                                                                            MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:55
                                                                            Start time:12:02:13
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\cmd.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                            Imagebase:0x7ff698080000
                                                                            File size:289'792 bytes
                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:56
                                                                            Start time:12:02:13
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:57
                                                                            Start time:12:02:13
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\netsh.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                            Imagebase:0x7ff6629a0000
                                                                            File size:96'768 bytes
                                                                            MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:58
                                                                            Start time:12:02:14
                                                                            Start date:05/02/2024
                                                                            Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --update
                                                                            Imagebase:0x7ff7ef8f0000
                                                                            File size:16'767'280 bytes
                                                                            MD5 hash:0BC9CDC14493914B549C5F2FFCAD4DC6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:59
                                                                            Start time:12:02:14
                                                                            Start date:05/02/2024
                                                                            Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
                                                                            Imagebase:0x7ff7ef8f0000
                                                                            File size:16'767'280 bytes
                                                                            MD5 hash:0BC9CDC14493914B549C5F2FFCAD4DC6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:60
                                                                            Start time:12:02:15
                                                                            Start date:05/02/2024
                                                                            Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
                                                                            Imagebase:0x7ff7ef8f0000
                                                                            File size:16'767'280 bytes
                                                                            MD5 hash:0BC9CDC14493914B549C5F2FFCAD4DC6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:61
                                                                            Start time:12:02:15
                                                                            Start date:05/02/2024
                                                                            Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc
                                                                            Imagebase:0x7ff7ef8f0000
                                                                            File size:16'767'280 bytes
                                                                            MD5 hash:0BC9CDC14493914B549C5F2FFCAD4DC6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:false

                                                                            Target ID:63
                                                                            Start time:12:02:16
                                                                            Start date:05/02/2024
                                                                            Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog
                                                                            Imagebase:0x7ff7ef8f0000
                                                                            File size:16'767'280 bytes
                                                                            MD5 hash:0BC9CDC14493914B549C5F2FFCAD4DC6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:false

                                                                            Target ID:64
                                                                            Start time:12:02:16
                                                                            Start date:05/02/2024
                                                                            Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher
                                                                            Imagebase:0x7ff7ef8f0000
                                                                            File size:16'767'280 bytes
                                                                            MD5 hash:0BC9CDC14493914B549C5F2FFCAD4DC6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:false

                                                                            Target ID:65
                                                                            Start time:12:02:17
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\explorer.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk
                                                                            Imagebase:0x7ff72b770000
                                                                            File size:5'141'208 bytes
                                                                            MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:66
                                                                            Start time:12:02:17
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\explorer.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                            Imagebase:0x7ff70f330000
                                                                            File size:5'141'208 bytes
                                                                            MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:67
                                                                            Start time:12:02:18
                                                                            Start date:05/02/2024
                                                                            Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
                                                                            Imagebase:0x7ff7ef8f0000
                                                                            File size:16'767'280 bytes
                                                                            MD5 hash:0BC9CDC14493914B549C5F2FFCAD4DC6
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:68
                                                                            Start time:12:02:18
                                                                            Start date:05/02/2024
                                                                            Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --storeMachineId
                                                                            Imagebase:0x7ff7ef8f0000
                                                                            File size:16'767'280 bytes
                                                                            MD5 hash:0BC9CDC14493914B549C5F2FFCAD4DC6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:69
                                                                            Start time:12:02:19
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\explorer.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            Imagebase:0x7ff72b770000
                                                                            File size:5'141'208 bytes
                                                                            MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:70
                                                                            Start time:12:02:19
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\cmd.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F
                                                                            Imagebase:0x7ff698080000
                                                                            File size:289'792 bytes
                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:71
                                                                            Start time:12:02:19
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:72
                                                                            Start time:12:02:19
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\explorer.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                            Imagebase:0x7ff72b770000
                                                                            File size:5'141'208 bytes
                                                                            MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:73
                                                                            Start time:12:02:19
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:schtasks /delete /TN "Wildix\WIService update recovery" /F
                                                                            Imagebase:0x7ff76f990000
                                                                            File size:235'008 bytes
                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:74
                                                                            Start time:12:02:20
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\cmd.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:cmd /C schtasks /delete /TN "Wildix\WIService failed update recovery" /F
                                                                            Imagebase:0x7ff698080000
                                                                            File size:289'792 bytes
                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:75
                                                                            Start time:12:02:20
                                                                            Start date:05/02/2024
                                                                            Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                            Imagebase:0x7ff7ef8f0000
                                                                            File size:16'767'280 bytes
                                                                            MD5 hash:0BC9CDC14493914B549C5F2FFCAD4DC6
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:false

                                                                            Target ID:76
                                                                            Start time:12:02:20
                                                                            Start date:05/02/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                              Execution Graph

                                                                              Execution Coverage:31.1%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:16.6%
                                                                              Total number of Nodes:1351
                                                                              Total number of Limit Nodes:37
405175 4192->4193 4194 40515d ShowWindow 4192->4194 4215 4044ce SendMessageW 4193->4215 4214 4044ce SendMessageW 4194->4214 4195->4189 4196 40513a 4195->4196 4199 4050b7 SendMessageW 4195->4199 4203 4050f5 SendMessageW 4195->4203 4204 405109 SendMessageW 4195->4204 4196->4189 4196->4192 4199->4195 4200->4186 4207 405381 4200->4207 4221 404ed4 4200->4221 4201->4172 4202->4179 4203->4195 4204->4195 4206 40548b 4208 405496 InvalidateRect 4206->4208 4211 4054a2 4206->4211 4209 4053af SendMessageW 4207->4209 4210 4053c5 4207->4210 4208->4211 4209->4210 4210->4206 4212 405439 SendMessageW SendMessageW 4210->4212 4211->4186 4230 404e0f 4211->4230 4212->4210 4214->4202 4215->4169 4217 404eb3 SendMessageW 4216->4217 4218 404e77 GetMessagePos ScreenToClient SendMessageW 4216->4218 4220 404eab 4217->4220 4219 404eb0 4218->4219 4218->4220 4219->4217 4220->4173 4233 40653d lstrcpynW 4221->4233 4223 404ee7 4234 406484 wsprintfW 4223->4234 4225 404ef1 4226 40140b 2 API calls 4225->4226 4227 404efa 4226->4227 4235 40653d lstrcpynW 4227->4235 4229 404f01 4229->4207 4236 404d46 4230->4236 4232 404e24 4232->4186 4233->4223 4234->4225 4235->4229 4237 404d5f 4236->4237 4238 40657a 17 API calls 4237->4238 4239 404dc3 4238->4239 4240 40657a 17 API calls 4239->4240 4241 404dce 4240->4241 4242 40657a 17 API calls 4241->4242 4243 404de4 lstrlenW wsprintfW SetDlgItemTextW 4242->4243 4243->4232 4244 404609 lstrlenW 4245 404628 4244->4245 4246 40462a WideCharToMultiByte 4244->4246 4245->4246 3216 40248a 3217 402da6 17 API calls 3216->3217 3218 40249c 3217->3218 3219 402da6 17 API calls 3218->3219 3220 4024a6 3219->3220 3233 402e36 3220->3233 3223 40292e 3224 4024de 3226 4024ea 3224->3226 3228 402d84 17 API calls 3224->3228 3225 402da6 17 API calls 3227 4024d4 lstrlenW 3225->3227 3229 402509 RegSetValueExW 3226->3229 3237 4032b4 3226->3237 3227->3224 3228->3226 3231 40251f RegCloseKey 3229->3231 3231->3223 3234 402e51 3233->3234 3257 4063d8 3234->3257 3238 4032cd 3237->3238 3239 4032fb 
3238->3239 3264 4034e5 SetFilePointer 3238->3264 3261 4034cf 3239->3261 3243 403468 3245 4034aa 3243->3245 3248 40346c 3243->3248 3244 403318 GetTickCount 3249 403452 3244->3249 3253 403367 3244->3253 3246 4034cf ReadFile 3245->3246 3246->3249 3247 4034cf ReadFile 3247->3253 3248->3249 3250 4034cf ReadFile 3248->3250 3251 4060df WriteFile 3248->3251 3249->3229 3250->3248 3251->3248 3252 4033bd GetTickCount 3252->3253 3253->3247 3253->3249 3253->3252 3254 4033e2 MulDiv wsprintfW 3253->3254 3256 4060df WriteFile 3253->3256 3255 40559f 24 API calls 3254->3255 3255->3253 3256->3253 3258 4063e7 3257->3258 3259 4063f2 RegCreateKeyExW 3258->3259 3260 4024b6 3258->3260 3259->3260 3260->3223 3260->3224 3260->3225 3262 4060b0 ReadFile 3261->3262 3263 403306 3262->3263 3263->3243 3263->3244 3263->3249 3264->3239 4247 40498a 4248 4049b6 4247->4248 4249 4049c7 4247->4249 4308 405b81 GetDlgItemTextW 4248->4308 4250 4049d3 GetDlgItem 4249->4250 4257 404a32 4249->4257 4253 4049e7 4250->4253 4252 4049c1 4255 4067c4 5 API calls 4252->4255 4256 4049fb SetWindowTextW 4253->4256 4260 405eb7 4 API calls 4253->4260 4254 404b16 4306 404cc5 4254->4306 4310 405b81 GetDlgItemTextW 4254->4310 4255->4249 4261 404499 18 API calls 4256->4261 4257->4254 4262 40657a 17 API calls 4257->4262 4257->4306 4259 404500 8 API calls 4264 404cd9 4259->4264 4265 4049f1 4260->4265 4266 404a17 4261->4266 4267 404aa6 SHBrowseForFolderW 4262->4267 4263 404b46 4268 405f14 18 API calls 4263->4268 4265->4256 4272 405e0c 3 API calls 4265->4272 4269 404499 18 API calls 4266->4269 4267->4254 4270 404abe CoTaskMemFree 4267->4270 4271 404b4c 4268->4271 4273 404a25 4269->4273 4274 405e0c 3 API calls 4270->4274 4311 40653d lstrcpynW 4271->4311 4272->4256 4309 4044ce SendMessageW 4273->4309 4276 404acb 4274->4276 4279 404b02 SetDlgItemTextW 4276->4279 4283 40657a 17 API calls 4276->4283 4278 404a2b 4281 40690a 5 API calls 4278->4281 4279->4254 4280 404b63 4282 40690a 5 API calls 4280->4282 4281->4257 4294 404b6a 4282->4294 
4284 404aea lstrcmpiW 4283->4284 4284->4279 4286 404afb lstrcatW 4284->4286 4285 404bab 4312 40653d lstrcpynW 4285->4312 4286->4279 4288 404bb2 4289 405eb7 4 API calls 4288->4289 4290 404bb8 GetDiskFreeSpaceW 4289->4290 4292 404bdc MulDiv 4290->4292 4296 404c03 4290->4296 4292->4296 4293 405e58 2 API calls 4293->4294 4294->4285 4294->4293 4294->4296 4295 404c74 4298 404c97 4295->4298 4300 40140b 2 API calls 4295->4300 4296->4295 4297 404e0f 20 API calls 4296->4297 4299 404c61 4297->4299 4313 4044bb KiUserCallbackDispatcher 4298->4313 4301 404c76 SetDlgItemTextW 4299->4301 4302 404c66 4299->4302 4300->4298 4301->4295 4304 404d46 20 API calls 4302->4304 4304->4295 4305 404cb3 4305->4306 4307 4048e3 SendMessageW 4305->4307 4306->4259 4307->4306 4308->4252 4309->4278 4310->4263 4311->4280 4312->4288 4313->4305 3301 40290b 3302 402da6 17 API calls 3301->3302 3303 402912 FindFirstFileW 3302->3303 3304 402925 3303->3304 3305 40293a 3303->3305 3309 406484 wsprintfW 3305->3309 3307 402943 3310 40653d lstrcpynW 3307->3310 3309->3307 3310->3304 4314 40190c 4315 401943 4314->4315 4316 402da6 17 API calls 4315->4316 4317 401948 4316->4317 4318 405c49 67 API calls 4317->4318 4319 401951 4318->4319 4320 40190f 4321 402da6 17 API calls 4320->4321 4322 401916 4321->4322 4323 405b9d MessageBoxIndirectW 4322->4323 4324 40191f 4323->4324 3598 402891 3599 402898 3598->3599 3600 402ba9 3598->3600 3601 402d84 17 API calls 3599->3601 3602 40289f 3601->3602 3603 4028ae SetFilePointer 3602->3603 3603->3600 3604 4028be 3603->3604 3606 406484 wsprintfW 3604->3606 3606->3600 4325 401491 4326 40559f 24 API calls 4325->4326 4327 401498 4326->4327 3607 403b12 3608 403b2a 3607->3608 3609 403b1c CloseHandle 3607->3609 3614 403b57 3608->3614 3609->3608 3612 405c49 67 API calls 3613 403b3b 3612->3613 3616 403b65 3614->3616 3615 403b2f 3615->3612 3616->3615 3617 403b6a FreeLibrary GlobalFree 3616->3617 3617->3615 3617->3617 4328 401f12 4329 402da6 17 API calls 4328->4329 4330 401f18 4329->4330 4331 
402da6 17 API calls 4330->4331 4332 401f21 4331->4332 4333 402da6 17 API calls 4332->4333 4334 401f2a 4333->4334 4335 402da6 17 API calls 4334->4335 4336 401f33 4335->4336 4337 401423 24 API calls 4336->4337 4338 401f3a 4337->4338 4345 405b63 ShellExecuteExW 4338->4345 4340 401f82 4341 40292e 4340->4341 4342 4069b5 5 API calls 4340->4342 4343 401f9f FindCloseChangeNotification 4342->4343 4343->4341 4345->4340 4346 405513 4347 405523 4346->4347 4348 405537 4346->4348 4349 405580 4347->4349 4350 405529 4347->4350 4351 40553f IsWindowVisible 4348->4351 4357 405556 4348->4357 4352 405585 CallWindowProcW 4349->4352 4353 4044e5 SendMessageW 4350->4353 4351->4349 4354 40554c 4351->4354 4355 405533 4352->4355 4353->4355 4356 404e54 5 API calls 4354->4356 4356->4357 4357->4352 4358 404ed4 4 API calls 4357->4358 4358->4349 4359 402f93 4360 402fa5 SetTimer 4359->4360 4361 402fbe 4359->4361 4360->4361 4362 403013 4361->4362 4363 402fd8 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4361->4363 4363->4362 4364 401d17 4365 402d84 17 API calls 4364->4365 4366 401d1d IsWindow 4365->4366 4367 401a20 4366->4367 3679 403f9a 3680 403fb2 3679->3680 3681 404113 3679->3681 3680->3681 3682 403fbe 3680->3682 3683 404164 3681->3683 3684 404124 GetDlgItem GetDlgItem 3681->3684 3686 403fc9 SetWindowPos 3682->3686 3687 403fdc 3682->3687 3685 4041be 3683->3685 3696 401389 2 API calls 3683->3696 3688 404499 18 API calls 3684->3688 3689 4044e5 SendMessageW 3685->3689 3697 40410e 3685->3697 3686->3687 3690 403fe5 ShowWindow 3687->3690 3691 404027 3687->3691 3692 40414e SetClassLongW 3688->3692 3718 4041d0 3689->3718 3698 4040d1 3690->3698 3699 404005 GetWindowLongW 3690->3699 3693 404046 3691->3693 3694 40402f DestroyWindow 3691->3694 3695 40140b 2 API calls 3692->3695 3701 40404b SetWindowLongW 3693->3701 3702 40405c 3693->3702 3700 404422 3694->3700 3695->3683 3703 404196 3696->3703 3759 404500 3698->3759 3699->3698 3705 40401e ShowWindow 3699->3705 3700->3697 3712 404453 ShowWindow 3700->3712 
3701->3697 3702->3698 3706 404068 GetDlgItem 3702->3706 3703->3685 3707 40419a SendMessageW 3703->3707 3705->3691 3710 404096 3706->3710 3711 404079 SendMessageW IsWindowEnabled 3706->3711 3707->3697 3708 40140b 2 API calls 3708->3718 3709 404424 DestroyWindow KiUserCallbackDispatcher 3709->3700 3714 4040a3 3710->3714 3716 4040ea SendMessageW 3710->3716 3717 4040b6 3710->3717 3724 40409b 3710->3724 3711->3697 3711->3710 3712->3697 3713 40657a 17 API calls 3713->3718 3714->3716 3714->3724 3716->3698 3719 4040d3 3717->3719 3720 4040be 3717->3720 3718->3697 3718->3708 3718->3709 3718->3713 3721 404499 18 API calls 3718->3721 3741 404364 DestroyWindow 3718->3741 3750 404499 3718->3750 3722 40140b 2 API calls 3719->3722 3723 40140b 2 API calls 3720->3723 3721->3718 3722->3724 3723->3724 3724->3698 3756 404472 3724->3756 3726 40424b GetDlgItem 3727 404260 3726->3727 3728 404268 ShowWindow KiUserCallbackDispatcher 3726->3728 3727->3728 3753 4044bb KiUserCallbackDispatcher 3728->3753 3730 404292 EnableWindow 3735 4042a6 3730->3735 3731 4042ab GetSystemMenu EnableMenuItem SendMessageW 3732 4042db SendMessageW 3731->3732 3731->3735 3732->3735 3734 403f7b 18 API calls 3734->3735 3735->3731 3735->3734 3754 4044ce SendMessageW 3735->3754 3755 40653d lstrcpynW 3735->3755 3737 40430a lstrlenW 3738 40657a 17 API calls 3737->3738 3739 404320 SetWindowTextW 3738->3739 3740 401389 2 API calls 3739->3740 3740->3718 3741->3700 3742 40437e CreateDialogParamW 3741->3742 3742->3700 3743 4043b1 3742->3743 3744 404499 18 API calls 3743->3744 3745 4043bc GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3744->3745 3746 401389 2 API calls 3745->3746 3747 404402 3746->3747 3747->3697 3748 40440a ShowWindow 3747->3748 3749 4044e5 SendMessageW 3748->3749 3749->3700 3751 40657a 17 API calls 3750->3751 3752 4044a4 SetDlgItemTextW 3751->3752 3752->3726 3753->3730 3754->3735 3755->3737 3757 404479 3756->3757 3758 40447f SendMessageW 3756->3758 3757->3758 3758->3698 3760 4045c3 3759->3760 3761 
404518 GetWindowLongW 3759->3761 3760->3697 3761->3760 3762 40452d 3761->3762 3762->3760 3763 40455a GetSysColor 3762->3763 3764 40455d 3762->3764 3763->3764 3765 404563 SetTextColor 3764->3765 3766 40456d SetBkMode 3764->3766 3765->3766 3767 404585 GetSysColor 3766->3767 3768 40458b 3766->3768 3767->3768 3769 404592 SetBkColor 3768->3769 3770 40459c 3768->3770 3769->3770 3770->3760 3771 4045b6 CreateBrushIndirect 3770->3771 3772 4045af DeleteObject 3770->3772 3771->3760 3772->3771 3773 401b9b 3774 401ba8 3773->3774 3775 401bec 3773->3775 3780 401c31 3774->3780 3781 401bbf 3774->3781 3776 401bf1 3775->3776 3777 401c16 GlobalAlloc 3775->3777 3782 40239d 3776->3782 3794 40653d lstrcpynW 3776->3794 3778 40657a 17 API calls 3777->3778 3778->3780 3779 40657a 17 API calls 3783 402397 3779->3783 3780->3779 3780->3782 3792 40653d lstrcpynW 3781->3792 3788 405b9d MessageBoxIndirectW 3783->3788 3786 401c03 GlobalFree 3786->3782 3787 401bce 3793 40653d lstrcpynW 3787->3793 3788->3782 3790 401bdd 3795 40653d lstrcpynW 3790->3795 3792->3787 3793->3790 3794->3786 3795->3782 4368 40261c 4369 402da6 17 API calls 4368->4369 4370 402623 4369->4370 4373 40602d GetFileAttributesW CreateFileW 4370->4373 4372 40262f 4373->4372 3866 40259e 3867 402de6 17 API calls 3866->3867 3868 4025a8 3867->3868 3869 402d84 17 API calls 3868->3869 3870 4025b1 3869->3870 3871 4025d9 RegEnumValueW 3870->3871 3872 4025cd RegEnumKeyW 3870->3872 3873 40292e 3870->3873 3874 4025ee RegCloseKey 3871->3874 3872->3874 3874->3873 4374 40149e 4375 4014ac PostQuitMessage 4374->4375 4376 40239d 4374->4376 4375->4376 4377 4015a3 4378 402da6 17 API calls 4377->4378 4379 4015aa SetFileAttributesW 4378->4379 4380 4015bc 4379->4380 3190 401fa4 3191 402da6 17 API calls 3190->3191 3192 401faa 3191->3192 3193 40559f 24 API calls 3192->3193 3194 401fb4 3193->3194 3203 405b20 CreateProcessW 3194->3203 3197 40292e 3200 401fcf 3201 401fdd FindCloseChangeNotification 3200->3201 3211 406484 wsprintfW 3200->3211 3201->3197 3204 
405b53 CloseHandle 3203->3204 3205 401fba 3203->3205 3204->3205 3205->3197 3205->3201 3206 4069b5 WaitForSingleObject 3205->3206 3207 4069cf 3206->3207 3208 4069e1 GetExitCodeProcess 3207->3208 3212 406946 3207->3212 3208->3200 3211->3201 3213 406963 PeekMessageW 3212->3213 3214 406973 WaitForSingleObject 3213->3214 3215 406959 DispatchMessageW 3213->3215 3214->3207 3215->3213 3265 4021aa 3266 402da6 17 API calls 3265->3266 3267 4021b1 3266->3267 3268 402da6 17 API calls 3267->3268 3269 4021bb 3268->3269 3270 402da6 17 API calls 3269->3270 3271 4021c5 3270->3271 3272 402da6 17 API calls 3271->3272 3273 4021cf 3272->3273 3274 402da6 17 API calls 3273->3274 3275 4021d9 3274->3275 3276 402218 CoCreateInstance 3275->3276 3277 402da6 17 API calls 3275->3277 3280 402237 3276->3280 3277->3276 3278 401423 24 API calls 3279 4022f6 3278->3279 3280->3278 3280->3279 3281 40252a 3292 402de6 3281->3292 3284 402da6 17 API calls 3285 40253d 3284->3285 3286 402548 RegQueryValueExW 3285->3286 3291 40292e 3285->3291 3287 40256e RegCloseKey 3286->3287 3288 402568 3286->3288 3287->3291 3288->3287 3297 406484 wsprintfW 3288->3297 3293 402da6 17 API calls 3292->3293 3294 402dfd 3293->3294 3295 4063aa RegOpenKeyExW 3294->3295 3296 402534 3295->3296 3296->3284 3297->3287 4381 40202a 4382 402da6 17 API calls 4381->4382 4383 402031 4382->4383 4384 40690a 5 API calls 4383->4384 4385 402040 4384->4385 4386 40205c GlobalAlloc 4385->4386 4389 4020cc 4385->4389 4387 402070 4386->4387 4386->4389 4388 40690a 5 API calls 4387->4388 4390 402077 4388->4390 4391 40690a 5 API calls 4390->4391 4392 402081 4391->4392 4392->4389 4396 406484 wsprintfW 4392->4396 4394 4020ba 4397 406484 wsprintfW 4394->4397 4396->4394 4397->4389 4398 403baa 4399 403bb5 4398->4399 4400 403bb9 4399->4400 4401 403bbc GlobalAlloc 4399->4401 4401->4400 3311 40352d SetErrorMode GetVersionExW 3312 4035b7 3311->3312 3313 40357f GetVersionExW 3311->3313 3314 403610 3312->3314 3315 40690a 5 API calls 3312->3315 3313->3312 3316 40689a 
3 API calls 3314->3316 3315->3314 3317 403626 lstrlenA 3316->3317 3317->3314 3318 403636 3317->3318 3319 40690a 5 API calls 3318->3319 3320 40363d 3319->3320 3321 40690a 5 API calls 3320->3321 3322 403644 3321->3322 3323 40690a 5 API calls 3322->3323 3327 403650 #17 OleInitialize SHGetFileInfoW 3323->3327 3326 40369d GetCommandLineW 3402 40653d lstrcpynW 3326->3402 3401 40653d lstrcpynW 3327->3401 3329 4036af 3330 405e39 CharNextW 3329->3330 3331 4036d5 CharNextW 3330->3331 3343 4036e6 3331->3343 3332 4037e4 3333 4037f8 GetTempPathW 3332->3333 3403 4034fc 3333->3403 3335 403810 3337 403814 GetWindowsDirectoryW lstrcatW 3335->3337 3338 40386a DeleteFileW 3335->3338 3336 405e39 CharNextW 3336->3343 3339 4034fc 12 API calls 3337->3339 3413 40307d GetTickCount GetModuleFileNameW 3338->3413 3341 403830 3339->3341 3341->3338 3344 403834 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3341->3344 3342 40387d 3346 403a59 ExitProcess OleUninitialize 3342->3346 3348 403932 3342->3348 3356 405e39 CharNextW 3342->3356 3343->3332 3343->3336 3345 4037e6 3343->3345 3347 4034fc 12 API calls 3344->3347 3497 40653d lstrcpynW 3345->3497 3350 403a69 3346->3350 3351 403a7e 3346->3351 3355 403862 3347->3355 3441 403bec 3348->3441 3502 405b9d 3350->3502 3353 403a86 GetCurrentProcess OpenProcessToken 3351->3353 3354 403afc ExitProcess 3351->3354 3359 403acc 3353->3359 3360 403a9d LookupPrivilegeValueW AdjustTokenPrivileges 3353->3360 3355->3338 3355->3346 3370 40389f 3356->3370 3363 40690a 5 API calls 3359->3363 3360->3359 3361 403941 3361->3346 3366 403ad3 3363->3366 3364 403908 3367 405f14 18 API calls 3364->3367 3365 403949 3369 405b08 5 API calls 3365->3369 3368 403ae8 ExitWindowsEx 3366->3368 3372 403af5 3366->3372 3371 403914 3367->3371 3368->3354 3368->3372 3373 40394e lstrcatW 3369->3373 3370->3364 3370->3365 3371->3346 3498 40653d lstrcpynW 3371->3498 3506 40140b 3372->3506 3374 40396a lstrcatW lstrcmpiW 3373->3374 3375 40395f lstrcatW 3373->3375 3374->3361 
3377 40398a 3374->3377 3375->3374 3379 403996 3377->3379 3380 40398f 3377->3380 3383 405aeb 2 API calls 3379->3383 3382 405a6e 4 API calls 3380->3382 3381 403927 3499 40653d lstrcpynW 3381->3499 3385 403994 3382->3385 3386 40399b SetCurrentDirectoryW 3383->3386 3385->3386 3387 4039b8 3386->3387 3388 4039ad 3386->3388 3501 40653d lstrcpynW 3387->3501 3500 40653d lstrcpynW 3388->3500 3391 40657a 17 API calls 3392 4039fa DeleteFileW 3391->3392 3393 403a06 CopyFileW 3392->3393 3398 4039c5 3392->3398 3393->3398 3394 403a50 3396 4062fd 36 API calls 3394->3396 3395 4062fd 36 API calls 3395->3398 3396->3361 3397 40657a 17 API calls 3397->3398 3398->3391 3398->3394 3398->3395 3398->3397 3399 405b20 2 API calls 3398->3399 3400 403a3a CloseHandle 3398->3400 3399->3398 3400->3398 3401->3326 3402->3329 3404 4067c4 5 API calls 3403->3404 3406 403508 3404->3406 3405 403512 3405->3335 3406->3405 3407 405e0c 3 API calls 3406->3407 3408 40351a 3407->3408 3409 405aeb 2 API calls 3408->3409 3410 403520 3409->3410 3509 40605c 3410->3509 3513 40602d GetFileAttributesW CreateFileW 3413->3513 3415 4030bd 3433 4030cd 3415->3433 3514 40653d lstrcpynW 3415->3514 3417 4030e3 3418 405e58 2 API calls 3417->3418 3419 4030e9 3418->3419 3515 40653d lstrcpynW 3419->3515 3421 4030f4 GetFileSize 3422 4031ee 3421->3422 3440 40310b 3421->3440 3516 403019 3422->3516 3424 4031f7 3426 403227 GlobalAlloc 3424->3426 3424->3433 3528 4034e5 SetFilePointer 3424->3528 3425 4034cf ReadFile 3425->3440 3527 4034e5 SetFilePointer 3426->3527 3428 40325a 3430 403019 6 API calls 3428->3430 3430->3433 3431 403210 3434 4034cf ReadFile 3431->3434 3432 403242 3435 4032b4 31 API calls 3432->3435 3433->3342 3436 40321b 3434->3436 3438 40324e 3435->3438 3436->3426 3436->3433 3437 403019 6 API calls 3437->3440 3438->3433 3438->3438 3439 40328b SetFilePointer 3438->3439 3439->3433 3440->3422 3440->3425 3440->3428 3440->3433 3440->3437 3442 40690a 5 API calls 3441->3442 3443 403c00 3442->3443 3444 403c06 3443->3444 3445 403c18 
3443->3445 3544 406484 wsprintfW 3444->3544 3446 40640b 3 API calls 3445->3446 3447 403c48 3446->3447 3449 403c67 lstrcatW 3447->3449 3451 40640b 3 API calls 3447->3451 3450 403c16 3449->3450 3529 403ec2 3450->3529 3451->3449 3454 405f14 18 API calls 3455 403c99 3454->3455 3456 403d2d 3455->3456 3458 40640b 3 API calls 3455->3458 3457 405f14 18 API calls 3456->3457 3459 403d33 3457->3459 3460 403ccb 3458->3460 3461 403d43 LoadImageW 3459->3461 3462 40657a 17 API calls 3459->3462 3460->3456 3465 403cec lstrlenW 3460->3465 3468 405e39 CharNextW 3460->3468 3463 403de9 3461->3463 3464 403d6a RegisterClassW 3461->3464 3462->3461 3467 40140b 2 API calls 3463->3467 3466 403da0 SystemParametersInfoW CreateWindowExW 3464->3466 3496 403df3 3464->3496 3469 403d20 3465->3469 3470 403cfa lstrcmpiW 3465->3470 3466->3463 3474 403def 3467->3474 3472 403ce9 3468->3472 3471 405e0c 3 API calls 3469->3471 3470->3469 3473 403d0a GetFileAttributesW 3470->3473 3476 403d26 3471->3476 3472->3465 3477 403d16 3473->3477 3475 403ec2 18 API calls 3474->3475 3474->3496 3478 403e00 3475->3478 3545 40653d lstrcpynW 3476->3545 3477->3469 3480 405e58 2 API calls 3477->3480 3481 403e0c ShowWindow 3478->3481 3482 403e8f 3478->3482 3480->3469 3484 40689a 3 API calls 3481->3484 3537 405672 OleInitialize 3482->3537 3486 403e24 3484->3486 3485 403e95 3487 403eb1 3485->3487 3488 403e99 3485->3488 3489 403e32 GetClassInfoW 3486->3489 3491 40689a 3 API calls 3486->3491 3490 40140b 2 API calls 3487->3490 3494 40140b 2 API calls 3488->3494 3488->3496 3492 403e46 GetClassInfoW RegisterClassW 3489->3492 3493 403e5c DialogBoxParamW 3489->3493 3490->3496 3491->3489 3492->3493 3495 40140b 2 API calls 3493->3495 3494->3496 3495->3496 3496->3361 3497->3333 3498->3381 3499->3348 3500->3387 3501->3398 3503 405bb2 3502->3503 3504 403a76 ExitProcess 3503->3504 3505 405bc6 MessageBoxIndirectW 3503->3505 3505->3504 3507 401389 2 API calls 3506->3507 3508 401420 3507->3508 3508->3354 3510 406069 GetTickCount 
GetTempFileNameW 3509->3510 3511 40352b 3510->3511 3512 40609f 3510->3512 3511->3335 3512->3510 3512->3511 3513->3415 3514->3417 3515->3421 3517 403022 3516->3517 3518 40303a 3516->3518 3519 403032 3517->3519 3520 40302b DestroyWindow 3517->3520 3521 403042 3518->3521 3522 40304a GetTickCount 3518->3522 3519->3424 3520->3519 3523 406946 2 API calls 3521->3523 3524 403058 CreateDialogParamW ShowWindow 3522->3524 3525 40307b 3522->3525 3526 403048 3523->3526 3524->3525 3525->3424 3526->3424 3527->3432 3528->3431 3530 403ed6 3529->3530 3546 406484 wsprintfW 3530->3546 3532 403f47 3547 403f7b 3532->3547 3534 403c77 3534->3454 3535 403f4c 3535->3534 3536 40657a 17 API calls 3535->3536 3536->3535 3550 4044e5 3537->3550 3539 405695 3543 4056bc 3539->3543 3553 401389 3539->3553 3540 4044e5 SendMessageW 3541 4056ce OleUninitialize 3540->3541 3541->3485 3543->3540 3544->3450 3545->3456 3546->3532 3548 40657a 17 API calls 3547->3548 3549 403f89 SetWindowTextW 3548->3549 3549->3535 3551 4044fd 3550->3551 3552 4044ee SendMessageW 3550->3552 3551->3539 3552->3551 3555 401390 3553->3555 3554 4013fe 3554->3539 3555->3554 3556 4013cb MulDiv SendMessageW 3555->3556 3556->3555 4402 401a30 4403 402da6 17 API calls 4402->4403 4404 401a39 ExpandEnvironmentStringsW 4403->4404 4405 401a4d 4404->4405 4407 401a60 4404->4407 4406 401a52 lstrcmpW 4405->4406 4405->4407 4406->4407 4413 4023b2 4414 4023c0 4413->4414 4415 4023ba 4413->4415 4417 4023ce 4414->4417 4418 402da6 17 API calls 4414->4418 4416 402da6 17 API calls 4415->4416 4416->4414 4419 402da6 17 API calls 4417->4419 4421 4023dc 4417->4421 4418->4417 4419->4421 4420 402da6 17 API calls 4422 4023e5 WritePrivateProfileStringW 4420->4422 4421->4420 3618 402434 3619 402467 3618->3619 3620 40243c 3618->3620 3621 402da6 17 API calls 3619->3621 3622 402de6 17 API calls 3620->3622 3623 40246e 3621->3623 3624 402443 3622->3624 3629 402e64 3623->3629 3626 40247b 3624->3626 3627 402da6 17 API calls 3624->3627 3628 402454 RegDeleteValueW 
RegCloseKey 3627->3628 3628->3626 3630 402e71 3629->3630 3631 402e78 3629->3631 3630->3626 3631->3630 3633 402ea9 3631->3633 3634 4063aa RegOpenKeyExW 3633->3634 3635 402ed7 3634->3635 3636 402ee1 3635->3636 3637 402f8c 3635->3637 3638 402ee7 RegEnumValueW 3636->3638 3639 402f0a 3636->3639 3637->3630 3638->3639 3640 402f71 RegCloseKey 3638->3640 3639->3640 3641 402f46 RegEnumKeyW 3639->3641 3642 402f4f RegCloseKey 3639->3642 3645 402ea9 6 API calls 3639->3645 3640->3637 3641->3639 3641->3642 3643 40690a 5 API calls 3642->3643 3644 402f5f 3643->3644 3646 402f81 3644->3646 3647 402f63 RegDeleteKeyW 3644->3647 3645->3639 3646->3637 3647->3637 4423 401735 4424 402da6 17 API calls 4423->4424 4425 40173c SearchPathW 4424->4425 4426 401757 4425->4426 4427 401d38 4428 402d84 17 API calls 4427->4428 4429 401d3f 4428->4429 4430 402d84 17 API calls 4429->4430 4431 401d4b GetDlgItem 4430->4431 4432 402638 4431->4432 4433 4014b8 4434 4014be 4433->4434 4435 401389 2 API calls 4434->4435 4436 4014c6 4435->4436 4437 40263e 4438 402652 4437->4438 4439 40266d 4437->4439 4440 402d84 17 API calls 4438->4440 4441 402672 4439->4441 4442 40269d 4439->4442 4449 402659 4440->4449 4443 402da6 17 API calls 4441->4443 4444 402da6 17 API calls 4442->4444 4446 402679 4443->4446 4445 4026a4 lstrlenW 4444->4445 4445->4449 4454 40655f WideCharToMultiByte 4446->4454 4448 40268d lstrlenA 4448->4449 4450 4026d1 4449->4450 4451 4026e7 4449->4451 4453 40610e 5 API calls 4449->4453 4450->4451 4452 4060df WriteFile 4450->4452 4452->4451 4453->4450 4454->4448

                                                                              Control-flow Graph

                                                                              [Figure: control-flow graph; legend: Executed / Not Executed]
                                                                              APIs
                                                                              • SetErrorMode.KERNELBASE(00008001), ref: 00403550
                                                                              • GetVersionExW.KERNEL32(?), ref: 00403579
                                                                              • GetVersionExW.KERNEL32(0000011C), ref: 00403590
                                                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
                                                                              • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
                                                                              • OleInitialize.OLE32(00000000), ref: 0040366A
                                                                              • SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
                                                                              • GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
                                                                              • CharNextW.USER32(00000000,"C:\Users\user\Desktop\3.17.7+SetupWIService.exe",00000020,"C:\Users\user\Desktop\3.17.7+SetupWIService.exe",00000000), ref: 004036D6
                                                                              • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
                                                                              • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
                                                                              • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
                                                                              • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
                                                                              • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
                                                                              • DeleteFileW.KERNELBASE(1033), ref: 0040386F
                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965
                                                                                • Part of subcall function 00405AEB: CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
                                                                              • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\3.17.7+SetupWIService.exe",00000000,?), ref: 0040397C
                                                                              • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
                                                                              • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
                                                                              • CopyFileW.KERNEL32(C:\Users\user\Desktop\3.17.7+SetupWIService.exe,0042AA28,00000001), ref: 00403A0E
                                                                              • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
                                                                              • ExitProcess.KERNEL32(?), ref: 00403A59
                                                                              • OleUninitialize.OLE32(?), ref: 00403A5E
                                                                              • ExitProcess.KERNEL32 ref: 00403A78
                                                                              • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
                                                                              • ExitProcess.KERNEL32 ref: 00403B0C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2841418401.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841482172.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841698615.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                              • String ID: "C:\Users\user\Desktop\3.17.7+SetupWIService.exe"$.tmp$1033$C:\Program Files\Wildix\WIService$C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\3.17.7+SetupWIService.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                              • API String ID: 2292928366-2810071270
                                                                              • Opcode ID: 31f77c8a8b3a3ad3f5f74e486622c6887c952165384ea8b63ade3724d5224d7f
                                                                              • Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
                                                                              • Opcode Fuzzy Hash: 31f77c8a8b3a3ad3f5f74e486622c6887c952165384ea8b63ade3724d5224d7f
                                                                              • Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,00000403), ref: 0040573C
                                                                              • GetDlgItem.USER32(?,000003EE), ref: 0040574B
                                                                              • GetClientRect.USER32(?,?), ref: 00405788
                                                                              • GetSystemMetrics.USER32(00000002), ref: 0040578F
                                                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                              • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                              • GetDlgItem.USER32(?,000003EC), ref: 0040584C
                                                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                              • GetDlgItem.USER32(?,000003F8), ref: 0040575A
                                                                                • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                              • GetDlgItem.USER32(?,000003EC), ref: 0040589E
                                                                              • CreateThread.KERNELBASE(00000000,00000000,Function_00005672,00000000), ref: 004058AC
                                                                              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 004058B3
                                                                              • ShowWindow.USER32(00000000), ref: 004058D7
                                                                              • ShowWindow.USER32(00010460,00000008), ref: 004058DC
                                                                              • ShowWindow.USER32(00000008), ref: 00405926
                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                              • CreatePopupMenu.USER32 ref: 0040596B
                                                                              • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
                                                                              • GetWindowRect.USER32(?,?), ref: 0040599F
                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                              • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                              • EmptyClipboard.USER32 ref: 00405A06
                                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                              • GlobalLock.KERNEL32(00000000), ref: 00405A1C
                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                              • SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
                                                                              • CloseClipboard.USER32 ref: 00405A61
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2841418401.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841482172.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841698615.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                              • String ID: l"v${
                                                                              • API String ID: 4154960007-4137178900
                                                                              • Opcode ID: 943fc32418130b232fc7306fa704d0383798a9d724e6e480ce665c9b6ea9918b
                                                                              • Instruction ID: 6b97441d6f4cfe62a880681573964a63c423f2dd70b2063085686802d9cc5617
                                                                              • Opcode Fuzzy Hash: 943fc32418130b232fc7306fa704d0383798a9d724e6e480ce665c9b6ea9918b
                                                                              • Instruction Fuzzy Hash: C8B169B1900608FFDB119FA0DD85AAE7B79FB44355F00803AFA41BA1A0C7755E51DF58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              • DeleteFileW.KERNELBASE(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\*.*,\*.*), ref: 00405CBA
                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
                                                                              • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\*.*,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
                                                                              • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\*.*,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
                                                                              • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                                                                              • FindClose.KERNEL32(00000000), ref: 00405DA2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2841418401.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841482172.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841698615.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                              • String ID: .$.$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\*.*$\*.*
                                                                              • API String ID: 2035342205-1310509145
                                                                              • Opcode ID: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                              • Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
                                                                              • Opcode Fuzzy Hash: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                              • Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FindFirstFileW.KERNELBASE(74DF3420,004302B8,C:\,00405F5D,C:\,C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                                                                              • FindClose.KERNEL32(00000000), ref: 0040688A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2841418401.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841482172.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841698615.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: Find$CloseFileFirst
                                                                              • String ID: C:\
                                                                              • API String ID: 2295610775-3404278061
                                                                              • Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                              • Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
                                                                              • Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                              • Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                              Strings
                                                                              • C:\Program Files\Wildix\WIService, xrefs: 00402269
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2841418401.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841482172.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841698615.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: CreateInstance
                                                                              • String ID: C:\Program Files\Wildix\WIService
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 0040291A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: FileFindFirst
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • First basic block: 403f9a-403fac (graph rendering not reproduced)
                                                                              APIs
                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                              • ShowWindow.USER32(?), ref: 00403FF6
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                              • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                              • DestroyWindow.USER32 ref: 00404035
                                                                              • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
                                                                              • GetDlgItem.USER32(?,?), ref: 0040406D
                                                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                              • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                              • GetDlgItem.USER32(?,00000001), ref: 00404133
                                                                              • GetDlgItem.USER32(?,00000002), ref: 0040413D
                                                                              • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                                                                              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                              • GetDlgItem.USER32(?,00000003), ref: 0040424E
                                                                              • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                              • EnableWindow.USER32(?,?), ref: 0040429C
                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                              • EnableMenuItem.USER32(00000000), ref: 004042B9
                                                                              • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                              • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                              • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                              • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                              • String ID: l"v
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • First basic block: 403bec-403c04 (graph rendering not reproduced)
                                                                              APIs
                                                                                • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                              • lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
                                                                              • lstrlenW.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,74DF3420), ref: 00403CED
                                                                              • lstrcmpiW.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                              • GetFileAttributesW.KERNEL32(Remove folder: ,?,00000000,?), ref: 00403D0B
                                                                              • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files\Wildix\WIService), ref: 00403D54
                                                                                • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                              • RegisterClassW.USER32(00433EA0), ref: 00403D91
                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
                                                                              • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
                                                                              • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                              • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
                                                                              • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
                                                                              • RegisterClassW.USER32(00433EA0), ref: 00403E56
                                                                              • DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                              • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • First basic block: 40307d-4030cb (graph rendering not reproduced)
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 0040308E
                                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\3.17.7+SetupWIService.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                                • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\3.17.7+SetupWIService.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                              • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\3.17.7+SetupWIService.exe,C:\Users\user\Desktop\3.17.7+SetupWIService.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                              • GlobalAlloc.KERNELBASE(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\3.17.7+SetupWIService.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetSystemDirectoryW.KERNEL32(Remove folder: ,00000400), ref: 00406695
                                                                              • GetWindowsDirectoryW.KERNEL32(Remove folder: ,00000400,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00000000,00000000,00425020,74DF23A0), ref: 004066A8
                                                                              • lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                              • lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00000000), ref: 00406779
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                              • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                              • API String ID: 4260037668-426607078
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: CountTick$wsprintf
                                                                              • String ID: *B$ PB$ A$ A$... %d%%$}8@
                                                                              • API String ID: 551687249-3288948294
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                              • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Program Files\Wildix\WIService,?,?,00000031), ref: 004017D5
                                                                                • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00000000,00425020,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00000000,00425020,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00403418), ref: 004055FA
                                                                                • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\), ref: 0040560C
                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                              • String ID: C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\nsx1D02.tmp$C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\System.dll$Call
                                                                              • API String ID: 1941528284-2226074540
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00000000,00425020,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                              • lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00000000,00425020,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                              • lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00403418), ref: 004055FA
                                                                              • SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\), ref: 0040560C
                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00000000), ref: 00406779
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                              • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\
                                                                              • API String ID: 1495540970-3687355968
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                              • wsprintfW.USER32 ref: 004068EC
                                                                              • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                              • String ID: %s%S.dll$UXTHEME$\
                                                                              • API String ID: 2200240437-1946221925
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                              • GetLastError.KERNEL32 ref: 00405AC5
                                                                              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                              • GetLastError.KERNEL32 ref: 00405AE4
                                                                              Strings
                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2841418401.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841482172.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841698615.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                              • API String ID: 3449924974-3081826266
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 718 402ea9-402ed2 call 4063aa 720 402ed7-402edb 718->720 721 402ee1-402ee5 720->721 722 402f8c-402f90 720->722 723 402ee7-402f08 RegEnumValueW 721->723 724 402f0a-402f1d 721->724 723->724 725 402f71-402f7f RegCloseKey 723->725 726 402f46-402f4d RegEnumKeyW 724->726 725->722 727 402f1f-402f21 726->727 728 402f4f-402f61 RegCloseKey call 40690a 726->728 727->725 730 402f23-402f37 call 402ea9 727->730 733 402f81-402f87 728->733 734 402f63-402f6f RegDeleteKeyW 728->734 730->728 736 402f39-402f45 730->736 733->722 734->722 736->726
                                                                              APIs
                                                                              • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: CloseEnum$DeleteValue
                                                                              • String ID:
                                                                              • API String ID: 1354259210-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 737 401d81-401d85 738 401d94-401d9a GetDlgItem 737->738 739 401d87-401d92 call 402d84 737->739 740 401da0-401dcc 738->740 739->740 743 401dd7 740->743 744 401dce-401dd5 call 402da6 740->744 746 401ddb-401e31 GetClientRect LoadImageW SendMessageW 743->746 744->746 748 401e33-401e36 746->748 749 401e3f-401e42 746->749 748->749 750 401e38-401e39 DeleteObject 748->750 751 401e48 749->751 752 402c2a-402c39 749->752 750->749 751->752
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                              • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                              • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                              • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                              • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                              • String ID:
                                                                              • API String ID: 1849352358-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 755 401c43-401c63 call 402d84 * 2 760 401c65-401c6c call 402da6 755->760 761 401c6f-401c73 755->761 760->761 763 401c75-401c7c call 402da6 761->763 764 401c7f-401c85 761->764 763->764 767 401cd3-401cfd call 402da6 * 2 FindWindowExW 764->767 768 401c87-401ca3 call 402d84 * 2 764->768 778 401d03 767->778 779 401cc3-401cd1 SendMessageW 768->779 780 401ca5-401cc1 SendMessageTimeoutW 768->780 781 401d06-401d09 778->781 779->778 780->781 782 402c2a-402c39 781->782 783 401d0f 781->783 783->782
                                                                              APIs
                                                                              • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$Timeout
                                                                              • String ID: !
                                                                              • API String ID: 1777923405-2657877971
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103
                                                                                • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00000000,00425020,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00000000,00425020,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00403418), ref: 004055FA
                                                                                • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\), ref: 0040560C
                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                              • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                              • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                              • String ID: Xi{
                                                                              • API String ID: 334405425-3993427520
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsx1D02.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                              • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsx1D02.tmp,00000000,00000011,00000002), ref: 00402515
                                                                              • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsx1D02.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: CloseValuelstrlen
                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp
                                                                              • API String ID: 2655323295-898971889
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                                • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                              • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                              • GetFileAttributesW.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                              • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                                              • API String ID: 3248276644-3049482934
                                                                              • Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                              • Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
                                                                              • Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                              • Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 0040607A
                                                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: CountFileNameTempTick
                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                              • API String ID: 1716503409-678247507
                                                                              • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                              • Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
                                                                              • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                              • Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GlobalFree.KERNEL32(007B6958), ref: 00401C0B
                                                                              • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C1D
                                                                                • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00000000), ref: 00406779
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: Global$AllocFreelstrcatlstrlen
                                                                              • String ID: Call$Xi{
                                                                              • API String ID: 3292104215-4061280096
                                                                              • Opcode ID: cecd7903579db09396e99fcb4041446ac8fea00c0e28d0f13f956e9ee607e8f0
                                                                              • Instruction ID: 7c0f58a685d1fc6dd3685da305ee1819882fb4420ac17dc2787245939102450a
                                                                              • Opcode Fuzzy Hash: cecd7903579db09396e99fcb4041446ac8fea00c0e28d0f13f956e9ee607e8f0
                                                                              • Instruction Fuzzy Hash: 1B21D872904210EBDB20AFA8EE84A5E73B4EB04715755063BF552F72D0D7B8AC414B9D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                                • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                              • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                • Part of subcall function 00405A6E: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                              • SetCurrentDirectoryW.KERNELBASE(?,C:\Program Files\Wildix\WIService,?,00000000,000000F0), ref: 0040164D
                                                                              Strings
                                                                              • C:\Program Files\Wildix\WIService, xrefs: 00401640
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                              • String ID: C:\Program Files\Wildix\WIService
                                                                              • API String ID: 1892508949-2436880260
                                                                              • Opcode ID: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                              • Instruction ID: 910f9ca0e916fbda017ea5bccd1daba2d9720f9cae8b5c5670dceb894c5ef12e
                                                                              • Opcode Fuzzy Hash: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                              • Instruction Fuzzy Hash: 3E11D031504110EBCF216FA5CD4099F36A0EF25369B28493BE945B52F1DA3E4A829A8E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                                • Part of subcall function 00405B63: ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                • Part of subcall function 004069B5: GetExitCodeProcess.KERNELBASE(?,?), ref: 004069E8
                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401FEB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: ChangeCloseCodeExecuteExitFindNotificationObjectProcessShellSingleWait
                                                                              • String ID: @$C:\Program Files\Wildix\WIService
                                                                              • API String ID: 4215836453-3745962701
                                                                              • Opcode ID: a67ec0d71784c57903e6e19cce9d8927263f5937a446752ff53b440bc5899183
                                                                              • Instruction ID: 706d8f23dd4fc365793d21c3b3cee38f3579e955c6bce5a1691758ef83551cc9
                                                                              • Opcode Fuzzy Hash: a67ec0d71784c57903e6e19cce9d8927263f5937a446752ff53b440bc5899183
                                                                              • Instruction Fuzzy Hash: 20115B71E042189ADB50EFB9CA49B8CB6F4BF04304F24447AE405F72C1EBBC89459B18
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Remove folder: ,?,?,00406672,80000002), ref: 00406451
                                                                              • RegCloseKey.KERNELBASE(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\), ref: 0040645C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: CloseQueryValue
                                                                              • String ID: Remove folder:
                                                                              • API String ID: 3356406503-1958208860
                                                                              • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                              • Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
                                                                              • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                              • Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FreeLibrary.KERNELBASE(?,74DF3420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                                                                              • GlobalFree.KERNEL32(?), ref: 00403B78
                                                                              Strings
                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: Free$GlobalLibrary
                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                              • API String ID: 1100898210-3081826266
                                                                              • Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                              • Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
                                                                              • Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                              • Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                              • RegEnumValueW.KERNELBASE(00000000,00000000,?,?), ref: 004025E4
                                                                              • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsx1D02.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: Enum$CloseValue
                                                                              • String ID:
                                                                              • API String ID: 397863658-0
                                                                              • Opcode ID: 2ceb002e910c094db02aea1c2c62d66cc74a7b046aa56edd155f21af9fce9564
                                                                              • Instruction ID: 08080f496e1fbaad801da7c4a2f11cdf7a22a5a493a276a89d416976773fa01e
                                                                              • Opcode Fuzzy Hash: 2ceb002e910c094db02aea1c2c62d66cc74a7b046aa56edd155f21af9fce9564
                                                                              • Instruction Fuzzy Hash: 89017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61C0EBB85E44966D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                                • Part of subcall function 00406008: GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                • Part of subcall function 00406008: SetFileAttributesW.KERNELBASE(?,00000000), ref: 00406021
                                                                              • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405DE3), ref: 00405C1C
                                                                              • DeleteFileW.KERNELBASE(?,?,?,00000000,00405DE3), ref: 00405C24
                                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405C3C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: File$Attributes$DeleteDirectoryRemove
                                                                              • String ID:
                                                                              • API String ID: 1655745494-0
                                                                              • Opcode ID: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                              • Instruction ID: 0274c5225d47ddc366315f3a2fda4b694ad97aa72442a0e2fcdbaf00fd257d87
                                                                              • Opcode Fuzzy Hash: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                              • Instruction Fuzzy Hash: F4E0E53110CF9156E61457309E08F5F2AD8EF86715F05493EF892B10C0CBB848068E6A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                              • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 004069DB
                                                                              • GetExitCodeProcess.KERNELBASE(?,?), ref: 004069E8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ObjectSingleWait$CodeExitProcess
                                                                              • String ID:
                                                                              • API String ID: 2567322000-0
                                                                              • Opcode ID: 5001a44abd0e5b0949431453b9a2c42ce6d4f473903e6ae1ef305ee8f225f71a
                                                                              • Instruction ID: f5f2e02d25af80b97bb350a16654da7f97250589dc800b1049f4071f8343982b
                                                                              • Opcode Fuzzy Hash: 5001a44abd0e5b0949431453b9a2c42ce6d4f473903e6ae1ef305ee8f225f71a
                                                                              • Instruction Fuzzy Hash: 0CE0D8B1A00118FBDB109F54DE05E9E7B6EDF44750F110033FA01B6590D7B19E25DB94
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SendMessageW.USER32(00000408,?,00000000,004040D1), ref: 00404490
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID: x
                                                                              • API String ID: 3850602802-2363233923
                                                                              • Opcode ID: 6afabcb65d7cd0472edcecb82606307073186cf957424f1b3ed57c3b76b5cfb8
                                                                              • Instruction ID: 1b38e0d23eed931a714c5b599c5829f4d2050063c4158495342b67dc2c27a344
                                                                              • Opcode Fuzzy Hash: 6afabcb65d7cd0472edcecb82606307073186cf957424f1b3ed57c3b76b5cfb8
                                                                              • Instruction Fuzzy Hash: 10C01271140200EACB004B00DE01F0A7A20B7A0B02F209039F381210B087B05422DB0C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                              • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsx1D02.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CloseQueryValue
                                                                              • String ID:
                                                                              • API String ID: 3356406503-0
                                                                              • Opcode ID: dd1b1b3d94faa584660aa564dd852358c6c0cbefcfc3417a0db06bb84b323ca4
                                                                              • Instruction ID: 3e5dab0bbcc9b7b4348569693e39c51bc0b27c59e8ea0ed6abb05ebc10b9b344
                                                                              • Opcode Fuzzy Hash: dd1b1b3d94faa584660aa564dd852358c6c0cbefcfc3417a0db06bb84b323ca4
                                                                              • Instruction Fuzzy Hash: 5F116D71900219EADF14DFA4DA589AE77B4FF04345B20443BE401B62C0E7B88A45EB5D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                              • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-0
                                                                              • Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                              • Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
                                                                              • Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                              • Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegDeleteValueW.KERNELBASE(00000000,00000000,00000033), ref: 00402456
                                                                              • RegCloseKey.KERNELBASE(00000000), ref: 0040245F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CloseDeleteValue
                                                                              • String ID:
                                                                              • API String ID: 2831762973-0
                                                                              • Opcode ID: b75d323d86fa909671316af8d9fa67dfe1c8e59de469e028d3815ce869cacf85
                                                                              • Instruction ID: 30df5d2aec36195d54007c6df5f336708121daf1b93815cec1e8c6dbc8099d71
                                                                              • Opcode Fuzzy Hash: b75d323d86fa909671316af8d9fa67dfe1c8e59de469e028d3815ce869cacf85
                                                                              • Instruction Fuzzy Hash: 22F0C232A00120EBDB11ABB89B4DAED72A8AF84314F15443BE141B71C0DAFC5D01866D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • OleInitialize.OLE32(00000000), ref: 00405682
                                                                                • Part of subcall function 004044E5: SendMessageW.USER32(000804A0,00000000,00000000,00000000), ref: 004044F7
                                                                              • OleUninitialize.OLE32(00000404,00000000,?,00000000,?), ref: 004056CE
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: InitializeMessageSendUninitialize
                                                                              • String ID:
                                                                              • API String ID: 2896919175-0
                                                                              • Opcode ID: 373f90d4a1babe4f1a04baa381ba9309e44634cfc63d647d34b32aa976a59a0d
                                                                              • Instruction ID: 6be4ff692d487ef8b3e25caebddd25c5d55207980f196ef2193ccf2f8785d180
                                                                              • Opcode Fuzzy Hash: 373f90d4a1babe4f1a04baa381ba9309e44634cfc63d647d34b32aa976a59a0d
                                                                              • Instruction Fuzzy Hash: B3F0F0765006009AE6115B95A901BA677A8EBD4316F49883AEF88632E0CB365C418A1C
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                              • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Window$EnableShow
                                                                              • String ID:
                                                                              • API String ID: 1136574915-0
                                                                              • Opcode ID: 5ade1ed26a80a7dd8760c06c43378076533002221f41e68569be4ee1dd8de31a
                                                                              • Instruction ID: ff95e9915c8c9942b49c08d49a5710ecdabad47c7be9b03b7ba0a01474a23479
                                                                              • Opcode Fuzzy Hash: 5ade1ed26a80a7dd8760c06c43378076533002221f41e68569be4ee1dd8de31a
                                                                              • Instruction Fuzzy Hash: E7E04872908211CFE705EBA4EE495AD77F4EF40325710497FE501F11D1DBB55D00965D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                              • CloseHandle.KERNEL32(?), ref: 00405B56
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CloseCreateHandleProcess
                                                                              • String ID:
                                                                              • API String ID: 3712363035-0
                                                                              • Opcode ID: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                              • Instruction ID: 0547baa0b497a95b6ed0e8f273b1969b1ac2c9598ef2001c301bcde660c6e2d6
                                                                              • Opcode Fuzzy Hash: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                              • Instruction Fuzzy Hash: 3EE092B4600209BFEB10AB64AE49F7B7AACEB04704F004565BA51E61A1DB78E8158A78
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                                • Part of subcall function 0040689A: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                              • String ID:
                                                                              • API String ID: 2547128583-0
                                                                              • Opcode ID: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                              • Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
                                                                              • Opcode Fuzzy Hash: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                              • Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\3.17.7+SetupWIService.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: File$AttributesCreate
                                                                              • String ID:
                                                                              • API String ID: 415043291-0
                                                                              • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                              • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                              • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                              • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                              • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00406021
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: AttributesFile
                                                                              • String ID:
                                                                              • API String ID: 3188754299-0
                                                                              • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                              • Instruction ID: c979a2e86073268fb5c10017c0603d576bb262e7e1663e1e1b2ee048d1a5e24b
                                                                              • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                              • Instruction Fuzzy Hash: 34D012725041316FC2102728EF0C89BBF55EF643717014B35F9A5A22F0CB304C638A98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CloseHandle.KERNEL32(FFFFFFFF,00403A5E,?), ref: 00403B1D
                                                                              Strings
                                                                              • C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\, xrefs: 00403B31
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CloseHandle
                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\
                                                                              • API String ID: 2962429428-2052105696
                                                                              • Opcode ID: e86ec88962d2cddd060eb64ec5e150871475ae72b9f2b14f7d4b77a190cc5563
                                                                              • Instruction ID: 74b342ff74dc5917d60848dc34610585f5de2c5243f802b65b47dd8438b48b4d
                                                                              • Opcode Fuzzy Hash: e86ec88962d2cddd060eb64ec5e150871475ae72b9f2b14f7d4b77a190cc5563
                                                                              • Instruction Fuzzy Hash: 5EC0123050470056D1646F749E4FE153B64AB4073EB600325B0F9B10F1CB3C5759895D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                              • GetLastError.KERNEL32 ref: 00405AFF
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CreateDirectoryErrorLast
                                                                              • String ID:
                                                                              • API String ID: 1375471231-0
                                                                              • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                              • Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
                                                                              • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                              • Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                                • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00000000,00425020,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00000000,00425020,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00403418), ref: 004055FA
                                                                                • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\), ref: 0040560C
                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                • Part of subcall function 00405B20: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                • Part of subcall function 00405B20: CloseHandle.KERNEL32(?), ref: 00405B56
                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401FEB
                                                                                • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                • Part of subcall function 004069B5: GetExitCodeProcess.KERNELBASE(?,?), ref: 004069E8
                                                                                • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcatwsprintf
                                                                              • String ID:
                                                                              • API String ID: 1543427666-0
                                                                              • Opcode ID: ce2c2b897b5b7a5940bd958f4af0b0a61f650836c27f4d249739cb61e324a33b
                                                                              • Instruction ID: a015d294fcb9cc4e365613bb9e09bf6e78b00889af70ee47f703a6c6056ea9c8
                                                                              • Opcode Fuzzy Hash: ce2c2b897b5b7a5940bd958f4af0b0a61f650836c27f4d249739cb61e324a33b
                                                                              • Instruction Fuzzy Hash: 2DF09072904112EBCB21BBA59A84EDE76E8DF01318F25403BE102B21D1D77C4E429A6E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004028AF
                                                                                • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: FilePointerwsprintf
                                                                              • String ID:
                                                                              • API String ID: 327478801-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FindNextFileW.KERNELBASE(00000000,?,?), ref: 004028F2
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: FileFindNext
                                                                              • String ID:
                                                                              • API String ID: 2029273394-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 00406401
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Create
                                                                              • String ID:
                                                                              • API String ID: 2289755597-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: FileWrite
                                                                              • String ID:
                                                                              • API String ID: 3934441357-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: FileRead
                                                                              • String ID:
                                                                              • API String ID: 2738559852-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406438,?,00000000,?,?,Remove folder: ,?), ref: 004063CE
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Open
                                                                              • String ID:
                                                                              • API String ID: 71445658-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                                • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00000000), ref: 00406779
                                                                              • SetDlgItemTextW.USER32(?,?,00000000), ref: 004044B3
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ItemTextlstrcatlstrlen
                                                                              • String ID:
                                                                              • API String ID: 281422827-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SendMessageW.USER32(000804A0,00000000,00000000,00000000), ref: 004044F7
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                              Similarity
                                                                              • API ID: FilePointer
                                                                              • String ID:
                                                                              • API String ID: 973152223-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                              Similarity
                                                                              • API ID: CallbackDispatcherUser
                                                                              • String ID:
                                                                              • API String ID: 2492992576-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                              Similarity
                                                                              • API ID: Sleep
                                                                              • String ID:
                                                                              • API String ID: 3472027048-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetDlgItem.USER32(?,000003FB), ref: 004049D9
                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                              • lstrcmpiW.KERNEL32(Remove folder: ,0042D268,00000000,?,?), ref: 00404AF1
                                                                              • lstrcatW.KERNEL32(?,Remove folder: ), ref: 00404AFD
                                                                              • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F
                                                                                • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                                • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                • Part of subcall function 004067C4: CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                              • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                                • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                                • Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                              • String ID: A$C:\Program Files\Wildix\WIService$Remove folder: $l"v
                                                                              • API String ID: 2624150263-4079093875
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetDlgItem.USER32(?,000003F9), ref: 00404F1E
                                                                              • GetDlgItem.USER32(?,00000408), ref: 00404F29
                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                              • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
                                                                              • SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                              • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                              • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                              • DeleteObject.GDI32(00000000), ref: 00405000
                                                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                              • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                                • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                                                                              • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                              • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                              • GlobalFree.KERNEL32(?), ref: 00405340
                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                              • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                              • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                              • GetDlgItem.USER32(?,000003FE), ref: 004054F5
                                                                              • ShowWindow.USER32(00000000), ref: 004054FC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              • Associated: 00000000.00000002.2841418401.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841482172.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841510961.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2841698615.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                              • String ID: $M$N
                                                                              • API String ID: 2564846305-813528018
                                                                              • Opcode ID: 8650db15f8eec7f2c7436ff7bc9e6097db9116c58dec0643669c66b6eab2f928
                                                                              • Instruction ID: 669472b6e39b4296dbb294a81ed98d86f32f22d8abeb4cff7518c6a892085abf
                                                                              • Opcode Fuzzy Hash: 8650db15f8eec7f2c7436ff7bc9e6097db9116c58dec0643669c66b6eab2f928
                                                                              • Instruction Fuzzy Hash: EF028A70900608EFDB20DFA9DD45AAF7BB5FB84314F10817AE610BA2E0D7799942DF58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                                                                              • GetDlgItem.USER32(?,000003E8), ref: 0040470A
                                                                              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                              • GetSysColor.USER32(?), ref: 00404738
                                                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                              • lstrlenW.KERNEL32(?), ref: 00404759
                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                              • GetDlgItem.USER32(?,0000040A), ref: 004047D4
                                                                              • SendMessageW.USER32(00000000), ref: 004047DB
                                                                              • GetDlgItem.USER32(?,000003E8), ref: 00404806
                                                                              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                              • SetCursor.USER32(00000000), ref: 0040485A
                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                              • SetCursor.USER32(00000000), ref: 00404876
                                                                              • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                              • String ID: N$Remove folder: $l"v
                                                                              • API String ID: 3103080414-1797299940
                                                                              • Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                              • Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
                                                                              • Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                              • Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                              • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                              • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                              • String ID: F
                                                                              • API String ID: 941294808-1304234792
                                                                              • Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                              • Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
                                                                              • Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                              • Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                              • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                              • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                              • wsprintfA.USER32 ref: 00406202
                                                                              • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                              • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                              • GlobalFree.KERNEL32(00000000), ref: 004062EB
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                                • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\3.17.7+SetupWIService.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                              • String ID: %ls=%ls$[Rename]
                                                                              • API String ID: 2171350718-461813615
                                                                              • Opcode ID: 0194637bb94274dabed0f9800811d2c41cbe4f0b5fb95fd5530e1cac65c060f3
                                                                              • Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
                                                                              • Opcode Fuzzy Hash: 0194637bb94274dabed0f9800811d2c41cbe4f0b5fb95fd5530e1cac65c060f3
                                                                              • Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                              • GetSysColor.USER32(00000000), ref: 0040455B
                                                                              • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                              • SetBkMode.GDI32(?,?), ref: 00404573
                                                                              • GetSysColor.USER32(?), ref: 00404586
                                                                              • SetBkColor.GDI32(?,?), ref: 00404596
                                                                              • DeleteObject.GDI32(?), ref: 004045B0
                                                                              • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                              Similarity
                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                              • String ID:
                                                                              • API String ID: 2320649405-0
                                                                              • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                              • Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
                                                                              • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                              • Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                              • String ID: 9
                                                                              • API String ID: 163830602-2366072709
                                                                              • Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                              • Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
                                                                              • Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                              • Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                              • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                              • CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                              • CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: Char$Next$Prev
                                                                              • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                              • GetMessagePos.USER32 ref: 00404E77
                                                                              • ScreenToClient.USER32(?,?), ref: 00404E91
                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: Message$Send$ClientScreen
                                                                              • String ID: f
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetDC.USER32(?), ref: 00401E51
                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                              • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\,00000000), ref: 00406779
                                                                              • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                              • String ID: MS Shell Dlg
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                              • MulDiv.KERNEL32(0184D89A,00000064,018501D0), ref: 00402FDC
                                                                              • wsprintfW.USER32 ref: 00402FEC
                                                                              • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                              • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                              Strings
                                                                              • verifying installer: %d%%, xrefs: 00402FE6
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                              • String ID: verifying installer: %d%%
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                              • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                              • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                              • String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                              • wsprintfW.USER32 ref: 00404DF0
                                                                              • SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                              • String ID: %u.%u%s%s
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                              • CharNextW.USER32(00000000), ref: 00405ECA
                                                                              • CharNextW.USER32(00000000), ref: 00405EE2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: CharNext
                                                                              • String ID: C:\
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
                                                                              • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                                                                              Strings
                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                              • API String ID: 2659869361-3081826266
                                                                              • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                              • Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
                                                                              • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                              • Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\System.dll), ref: 00402695
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: lstrlen
                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsx1D02.tmp$C:\Users\user\AppData\Local\Temp\nsx1D02.tmp\System.dll
                                                                              • API String ID: 1659193697-2525939446
                                                                              • Opcode ID: fbd5ee5e4de60feb08ffa62b35b3018c7a91bb86716aa8782bbd76b946f17d50
                                                                              • Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
                                                                              • Opcode Fuzzy Hash: fbd5ee5e4de60feb08ffa62b35b3018c7a91bb86716aa8782bbd76b946f17d50
                                                                              • Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                                                                              • GetTickCount.KERNEL32 ref: 0040304A
                                                                              • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
                                                                              • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                              • String ID:
                                                                              • API String ID: 2102729457-0
                                                                              • Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                              • Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
                                                                              • Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                              • Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • IsWindowVisible.USER32(?), ref: 00405542
                                                                              • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                                                                                • Part of subcall function 004044E5: SendMessageW.USER32(000804A0,00000000,00000000,00000000), ref: 004044F7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                              • String ID:
                                                                              • API String ID: 3748168415-3916222277
                                                                              • Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                              • Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
                                                                              • Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                              • Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\3.17.7+SetupWIService.exe,C:\Users\user\Desktop\3.17.7+SetupWIService.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00405E5E
                                                                              • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\3.17.7+SetupWIService.exe,C:\Users\user\Desktop\3.17.7+SetupWIService.exe,80000000,00000003), ref: 00405E6E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: CharPrevlstrlen
                                                                              • String ID: C:\Users\user\Desktop
                                                                              • API String ID: 2709904686-224404859
                                                                              • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                              • Instruction ID: d2786f61c86b799b8b6ecf14661ff9643eaf9d362a95097130d0805b1e4d2bc4
                                                                              • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                              • Instruction Fuzzy Hash: 36D0A7B3410D20DAC3126718DC04DAF73ECFF6134074A442AF481A71A4D7785E8186ED
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                              • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
                                                                              • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2841452514.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                              Similarity
                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                              • String ID:
                                                                              • API String ID: 190613189-0
                                                                              • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                              • Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
                                                                              • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                              • Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Execution Graph

                                                                              Execution Coverage:2.9%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:0.3%
                                                                              Total number of Nodes:945
                                                                              Total number of Limit Nodes:59
39125->39124 39126 7ffe0bef5a30 39125->39126 39127 7ffe0bf50080 DName::DName 8 API calls 39126->39127 39129 7ffe0bef5a46 39127->39129 39130 7ffe0bef5a5c 39128->39130 39132 7ffe0bef26e1 39131->39132 39132->39132 39133 7ffe0bf27a60 std::bad_exception::bad_exception 54 API calls 39132->39133 39134 7ffe0bef2729 39133->39134 39135 7ffe0bef27b3 39134->39135 39138 7ffe0bef2816 39134->39138 39136 7ffe0bef27f3 39135->39136 39139 7ffe0bef281b 39135->39139 39137 7ffe0bf50080 DName::DName 8 API calls 39136->39137 39140 7ffe0bef2809 DisableThreadLibraryCalls 39137->39140 39141 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39138->39141 39142 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39139->39142 39140->39075 39141->39139 39143 7ffe0bef2821 39142->39143 39145 7ffe0bf0097e 39144->39145 39163 7ffe0bf00b21 39144->39163 39146 7ffe0bf009a3 WideCharToMultiByte 39145->39146 39145->39163 39147 7ffe0bf009d5 39146->39147 39146->39163 39148 7ffe0bf00b69 39147->39148 39150 7ffe0bf00a29 39147->39150 39151 7ffe0bf009ff 39147->39151 39184 7ffe0bf000d0 54 API calls _Maklocstr 39148->39184 39153 7ffe0bf4f98c std::_Facet_Register 4 API calls 39150->39153 39152 7ffe0bf00b6f 39151->39152 39155 7ffe0bf4f98c std::_Facet_Register 4 API calls 39151->39155 39185 7ffe0bef3130 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 39152->39185 39158 7ffe0bf00a12 memcpy_s 39153->39158 39155->39158 39157 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39157->39148 39159 7ffe0bf00a74 WideCharToMultiByte 39158->39159 39162 7ffe0bf00ad1 39158->39162 39160 7ffe0bf00aa0 39159->39160 39159->39162 39161 7ffe0bf00aa4 WideCharToMultiByte 39160->39161 39160->39162 39161->39162 39162->39157 39162->39163 39163->39084 39165 7ffe0bef1e1c 39164->39165 39166 7ffe0bf27a60 std::bad_exception::bad_exception 54 API calls 39165->39166 39167 7ffe0bef1eab 39166->39167 39168 7ffe0bef1f35 39167->39168 39171 7ffe0bef1f98 39167->39171 39169 7ffe0bef1f75 39168->39169 39174 
7ffe0bef1f9d 39168->39174 39170 7ffe0bf50080 DName::DName 8 API calls 39169->39170 39172 7ffe0bef1f8b 39170->39172 39173 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39171->39173 39172->39089 39172->39090 39173->39174 39175 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39174->39175 39176 7ffe0bef1fa3 39175->39176 39178 7ffe0bef1dd0 54 API calls 39177->39178 39179 7ffe0befaac3 39178->39179 39180 7ffe0befaae1 39179->39180 39181 7ffe0bef3270 85 API calls 39179->39181 39180->39098 39181->39180 39183->39125 39186 7ffe0bef4195 39188 7ffe0bef419f 39186->39188 39187 7ffe0bef41d3 39190 7ffe0bf50080 DName::DName 8 API calls 39187->39190 39188->39187 39189 7ffe0bef4200 39188->39189 39192 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39189->39192 39191 7ffe0bef41eb 39190->39191 39193 7ffe0bef4205 39192->39193 39194 7ffe0bef3270 85 API calls 39193->39194 39196 7ffe0bef42e8 39193->39196 39194->39196 39195 7ffe0bef4334 39197 7ffe0bf00950 57 API calls 39195->39197 39196->39195 39198 7ffe0bef461e 39196->39198 39199 7ffe0bef4383 39197->39199 39200 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39198->39200 39236 7ffe0bef1fb0 39199->39236 39202 7ffe0bef4623 39200->39202 39206 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39202->39206 39204 7ffe0bef441a 39205 7ffe0bef84b0 71 API calls 39204->39205 39207 7ffe0bef4424 39205->39207 39208 7ffe0bef4629 39206->39208 39209 7ffe0bf00950 57 API calls 39207->39209 39211 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39208->39211 39210 7ffe0bef443a 39209->39210 39249 7ffe0bef99b0 39210->39249 39212 7ffe0bef462f 39211->39212 39215 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39212->39215 39214 7ffe0bef445b 39214->39208 39217 7ffe0bef449b 39214->39217 39216 7ffe0bef4635 39215->39216 39218 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39216->39218 39217->39212 39219 7ffe0bef44f7 39217->39219 39220 7ffe0bef463b 39218->39220 39221 
7ffe0bf50080 DName::DName 8 API calls 39219->39221 39222 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39220->39222 39223 7ffe0bef460b 39221->39223 39224 7ffe0bef4641 39222->39224 39225 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39224->39225 39231 7ffe0bef4647 39225->39231 39226 7ffe0bef3270 85 API calls 39226->39231 39227 7ffe0bf00950 57 API calls 39227->39231 39228 7ffe0bef2230 54 API calls 39228->39231 39229 7ffe0bef84b0 71 API calls 39229->39231 39231->39226 39231->39227 39231->39228 39231->39229 39232 7ffe0bef487f 39231->39232 39233 7ffe0bf6f500 52 API calls _invalid_parameter_noinfo_noreturn 39231->39233 39294 7ffe0befb150 54 API calls 39231->39294 39234 7ffe0bf50080 DName::DName 8 API calls 39232->39234 39233->39231 39235 7ffe0bef48e2 39234->39235 39237 7ffe0bef1ffc 39236->39237 39238 7ffe0bf27a60 std::bad_exception::bad_exception 54 API calls 39237->39238 39239 7ffe0bef212c 39238->39239 39240 7ffe0bef21b6 39239->39240 39243 7ffe0bef2219 39239->39243 39241 7ffe0bef21f6 39240->39241 39244 7ffe0bef221e 39240->39244 39242 7ffe0bf50080 DName::DName 8 API calls 39241->39242 39245 7ffe0bef220c 39242->39245 39246 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39243->39246 39247 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39244->39247 39245->39202 39245->39204 39246->39244 39248 7ffe0bef2224 39247->39248 39263 7ffe0bef9a18 memcpy_s 39249->39263 39250 7ffe0bef9fa7 39318 7ffe0bef5f40 54 API calls 2 library calls 39250->39318 39252 7ffe0bef9fd0 39319 7ffe0bef7150 52 API calls __std_exception_copy 39252->39319 39253 7ffe0bef9fef 39321 7ffe0bf28124 54 API calls 2 library calls 39253->39321 39255 7ffe0bef9a8d 39295 7ffe0bef64a0 39255->39295 39256 7ffe0bef9fde 39320 7ffe0bf61ddc RtlPcToFileHeader RaiseException 39256->39320 39260 7ffe0bef9ff7 39322 7ffe0bef6050 54 API calls 2 library calls 39260->39322 39263->39250 39263->39253 39263->39255 39316 7ffe0befa610 99 API calls 5 library calls 39263->39316 39264 
7ffe0befa023 39323 7ffe0bef6fd0 52 API calls __std_exception_copy 39264->39323 39265 7ffe0bef9f67 _Mtx_unlock 39270 7ffe0bf50080 DName::DName 8 API calls 39265->39270 39267 7ffe0befa031 39324 7ffe0bf61ddc RtlPcToFileHeader RaiseException 39267->39324 39272 7ffe0bef9f81 39270->39272 39271 7ffe0befa042 39273 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39271->39273 39272->39214 39274 7ffe0befa048 39273->39274 39275 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39274->39275 39276 7ffe0befa04e 39275->39276 39278 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39276->39278 39277 7ffe0bf006c0 62 API calls 39292 7ffe0bef9aba 39277->39292 39279 7ffe0befa054 39278->39279 39280 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39279->39280 39282 7ffe0befa05a 39280->39282 39281 7ffe0bf00950 57 API calls 39281->39292 39284 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39282->39284 39283 7ffe0bef1dd0 54 API calls 39283->39292 39285 7ffe0befa060 39284->39285 39287 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39285->39287 39286 7ffe0bef9f9c 39288 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39286->39288 39290 7ffe0befa066 39287->39290 39289 7ffe0bef9fa1 39288->39289 39291 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39289->39291 39290->39214 39291->39250 39292->39260 39292->39265 39292->39271 39292->39274 39292->39276 39292->39277 39292->39279 39292->39281 39292->39282 39292->39283 39292->39285 39292->39286 39292->39289 39308 7ffe0bef6d20 39292->39308 39317 7ffe0bef6670 54 API calls 3 library calls 39292->39317 39294->39231 39296 7ffe0bef6520 39295->39296 39296->39296 39297 7ffe0bf27a60 std::bad_exception::bad_exception 54 API calls 39296->39297 39298 7ffe0bef6568 39297->39298 39299 7ffe0bef65f2 39298->39299 39302 7ffe0bef6655 39298->39302 39300 7ffe0bef6632 39299->39300 39303 7ffe0bef665a 39299->39303 39301 7ffe0bf50080 DName::DName 8 API calls 39300->39301 39304 
7ffe0bef6648 39301->39304 39305 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39302->39305 39306 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39303->39306 39304->39292 39305->39303 39307 7ffe0bef6660 39306->39307 39309 7ffe0bef6d56 39308->39309 39310 7ffe0bef6d68 39309->39310 39311 7ffe0bef6de4 39309->39311 39315 7ffe0bef6d76 _LStrxfrm 39310->39315 39325 7ffe0bef3180 39310->39325 39336 7ffe0bef3150 54 API calls _Maklocstr 39311->39336 39315->39292 39316->39263 39317->39292 39318->39252 39319->39256 39320->39253 39322->39264 39323->39267 39324->39271 39326 7ffe0bef318d 39325->39326 39327 7ffe0bef31b4 39325->39327 39328 7ffe0bef31cc 39326->39328 39329 7ffe0bef3196 39326->39329 39327->39315 39337 7ffe0bef3130 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 39328->39337 39331 7ffe0bf4f98c std::_Facet_Register 4 API calls 39329->39331 39332 7ffe0bef319b 39331->39332 39333 7ffe0bef31a3 39332->39333 39334 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39332->39334 39333->39315 39335 7ffe0bef31d7 39334->39335 39338 7ffe0bf0edf7 39339 7ffe0bef3180 std::bad_exception::bad_exception 54 API calls 39338->39339 39340 7ffe0bf0ee13 _LStrxfrm 39339->39340 39405 7ffe0befe160 39340->39405 39342 7ffe0bf0ee4e 39412 7ffe0befef80 39342->39412 39344 7ffe0bf0eee4 39420 7ffe0bf52a80 39344->39420 39346 7ffe0bf0eeef 39425 7ffe0bf52ab0 39346->39425 39348 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39349 7ffe0bf0f44f 39348->39349 39352 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39349->39352 39350 7ffe0bf0ef6c 39350->39349 39351 7ffe0bf0f0bd 39350->39351 39353 7ffe0bf0f455 39350->39353 39356 7ffe0bf0f424 39350->39356 39377 7ffe0bf0f449 39350->39377 39354 7ffe0bf52a80 2 API calls 39351->39354 39352->39353 39355 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39353->39355 39363 7ffe0bf0f10f 39354->39363 39358 7ffe0bf0f45b 39355->39358 39357 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 
52 API calls 39356->39357 39359 7ffe0bf0f429 39357->39359 39530 7ffe0bf7582c 52 API calls 3 library calls 39358->39530 39529 7ffe0bf28124 54 API calls 2 library calls 39359->39529 39365 7ffe0bf52ab0 4 API calls 39363->39365 39369 7ffe0bf0f15d 39365->39369 39366 7ffe0bf0f471 39371 7ffe0bf52a80 2 API calls 39369->39371 39373 7ffe0bf0f1a7 39371->39373 39375 7ffe0bef6d20 54 API calls 39373->39375 39378 7ffe0bf0f1ce 39375->39378 39377->39348 39379 7ffe0bf52ab0 4 API calls 39378->39379 39380 7ffe0bf0f206 39379->39380 39429 7ffe0bf55470 39380->39429 39386 7ffe0bf0f293 39455 7ffe0bf0e360 39386->39455 39387 7ffe0bf0f3cc 39388 7ffe0bf0f3f1 ReleaseSRWLockShared 39387->39388 39389 7ffe0bf0f3fa 39387->39389 39388->39389 39390 7ffe0bf50080 DName::DName 8 API calls 39389->39390 39392 7ffe0bf0f409 39390->39392 39393 7ffe0bf0f319 39462 7ffe0bf589d0 39393->39462 39396 7ffe0bf0f37b 39483 7ffe0bf0d3e0 39396->39483 39397 7ffe0bf0d3e0 93 API calls 39397->39396 39401 7ffe0bf0f3a4 39527 7ffe0bf58910 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task _DeleteExceptionPtr 39401->39527 39403 7ffe0bf0f3c0 39528 7ffe0bf07290 93 API calls 39403->39528 39406 7ffe0befe17a 39405->39406 39409 7ffe0befe1d4 39406->39409 39531 7ffe0befe0d0 54 API calls 39406->39531 39409->39342 39413 7ffe0befefcf 39412->39413 39414 7ffe0beff095 39413->39414 39415 7ffe0beff120 39413->39415 39419 7ffe0befefd4 _LStrxfrm 39413->39419 39418 7ffe0bef3180 std::bad_exception::bad_exception 54 API calls 39414->39418 39532 7ffe0bef3150 54 API calls _Maklocstr 39415->39532 39418->39419 39419->39344 39422 7ffe0bf52a89 std::bad_alloc::bad_alloc 39420->39422 39421 7ffe0bf52a8e 39421->39346 39422->39421 39533 7ffe0bf61ddc RtlPcToFileHeader RaiseException 39422->39533 39424 7ffe0bf52aae 39426 7ffe0bf52aed 39425->39426 39427 7ffe0bf4f98c std::_Facet_Register 4 API calls 39426->39427 39428 7ffe0bf52b09 shared_ptr 39426->39428 39427->39428 39428->39350 39430 7ffe0bf55486 39429->39430 39431 7ffe0bf554af 39430->39431 39437 
7ffe0bf553f0 115 API calls 39430->39437 39546 7ffe0bf58320 AcquireSRWLockExclusive SleepConditionVariableSRW ReleaseSRWLockExclusive ReleaseSRWLockExclusive 39430->39546 39547 7ffe0bf582e0 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 39430->39547 39433 7ffe0bf554c3 39431->39433 39548 7ffe0bf583b0 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 39431->39548 39534 7ffe0bf553f0 39433->39534 39437->39430 39439 7ffe0bf554d3 39440 7ffe0bf0f251 39439->39440 39442 7ffe0bf4f98c std::_Facet_Register RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 39439->39442 39447 7ffe0bf548f0 39440->39447 39443 7ffe0bf554e0 39442->39443 39444 7ffe0bf5aa00 TlsSetValue 39443->39444 39445 7ffe0bf55503 39444->39445 39446 7ffe0bf550b0 121 API calls 39445->39446 39446->39440 39550 7ffe0bf539b0 39447->39550 39450 7ffe0befd990 39451 7ffe0bf4f98c std::_Facet_Register 4 API calls 39450->39451 39452 7ffe0befd9b6 39451->39452 39453 7ffe0befd9c7 39452->39453 39580 7ffe0bf283e8 39452->39580 39453->39386 39457 7ffe0bf0e38f _DeleteExceptionPtr 39455->39457 39456 7ffe0bf0e3c5 39456->39393 39457->39456 39600 7ffe0bf61ddc RtlPcToFileHeader RaiseException 39457->39600 39459 7ffe0bf0e457 39601 7ffe0bf08b00 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 39459->39601 39461 7ffe0bf0e47e 39461->39393 39463 7ffe0bf0e360 4 API calls 39462->39463 39464 7ffe0bf58a0d 39463->39464 39465 7ffe0bf283e8 62 API calls 39464->39465 39469 7ffe0bf58a15 39465->39469 39466 7ffe0bf52a80 2 API calls 39470 7ffe0bf58b2f shared_ptr 39466->39470 39467 7ffe0bf50080 DName::DName 8 API calls 39468 7ffe0bf0f332 39467->39468 39468->39396 39468->39397 39469->39466 39474 7ffe0bf58cad shared_ptr 39469->39474 39482 7ffe0bf58d7c 39470->39482 39602 7ffe0bf53300 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection shared_ptr 39470->39602 39471 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39473 
7ffe0bf58d82 39471->39473 39474->39467 39475 7ffe0bf58c0e _DeleteExceptionPtr 39480 7ffe0bf58c78 39475->39480 39603 7ffe0bf58d90 90 API calls 39475->39603 39477 7ffe0bf58c69 39604 7ffe0bf10a30 54 API calls 2 library calls 39477->39604 39478 7ffe0bf58d4b _DeleteExceptionPtr 39605 7ffe0bf61ddc RtlPcToFileHeader RaiseException 39478->39605 39480->39474 39480->39478 39482->39471 39484 7ffe0bf0d420 39483->39484 39485 7ffe0bf0d435 39484->39485 39486 7ffe0befa0d0 93 API calls 39484->39486 39487 7ffe0befa0d0 93 API calls 39485->39487 39489 7ffe0bf0d4c5 _DeleteExceptionPtr 39485->39489 39486->39485 39488 7ffe0bf0d474 39487->39488 39488->39489 39492 7ffe0bf0d49f _DeleteExceptionPtr 39488->39492 39493 7ffe0bf0d4c7 39488->39493 39490 7ffe0bf0d50a 39489->39490 39608 7ffe0bef89e0 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task _DeleteExceptionPtr 39489->39608 39496 7ffe0befa0d0 39490->39496 39606 7ffe0bf0adc0 54 API calls 39492->39606 39607 7ffe0bf0adc0 54 API calls 39493->39607 39497 7ffe0befa0f4 39496->39497 39498 7ffe0befa180 39496->39498 39609 7ffe0bef75a0 93 API calls 39497->39609 39498->39401 39500 7ffe0befa101 39501 7ffe0befa16d 39500->39501 39503 7ffe0befa1a9 _DeleteExceptionPtr 39500->39503 39501->39498 39610 7ffe0bef89e0 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task _DeleteExceptionPtr 39501->39610 39611 7ffe0bf61ddc RtlPcToFileHeader RaiseException 39503->39611 39507 7ffe0befa5f4 39619 7ffe0bef3150 54 API calls _Maklocstr 39507->39619 39510 7ffe0befa5f9 39514 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39510->39514 39511 7ffe0bef3180 std::bad_exception::bad_exception 54 API calls 39519 7ffe0befa1fc _LStrxfrm std::bad_exception::bad_exception 39511->39519 39513 7ffe0bef6d20 54 API calls 39513->39519 39515 7ffe0befa5ff 39514->39515 39516 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39515->39516 39517 7ffe0befa605 39516->39517 39519->39507 39519->39510 39519->39511 39519->39513 39519->39515 39521 
7ffe0bef3270 85 API calls 39519->39521 39523 7ffe0befa583 39519->39523 39526 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39519->39526 39612 7ffe0beff6b0 54 API calls 39519->39612 39613 7ffe0bef6df0 62 API calls std::_Facet_Register 39519->39613 39614 7ffe0bef5a60 93 API calls 2 library calls 39519->39614 39615 7ffe0bef7f30 52 API calls _Receive_impl 39519->39615 39616 7ffe0bf4fed8 5 API calls shared_ptr 39519->39616 39617 7ffe0bf4fd38 55 API calls shared_ptr 39519->39617 39618 7ffe0bf4fe78 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 39519->39618 39521->39519 39524 7ffe0bf50080 DName::DName 8 API calls 39523->39524 39525 7ffe0befa59d 39524->39525 39525->39401 39526->39519 39527->39403 39528->39387 39530->39366 39533->39424 39535 7ffe0bf55426 39534->39535 39536 7ffe0bf55419 39534->39536 39549 7ffe0bf4fed8 5 API calls shared_ptr 39535->39549 39545 7ffe0bf5a9f0 TlsGetValue 39536->39545 39546->39430 39551 7ffe0bf0f268 39550->39551 39552 7ffe0bf539ec 39550->39552 39551->39387 39551->39450 39572 7ffe0bf61490 39552->39572 39554 7ffe0bf53a11 AcquireSRWLockShared 39555 7ffe0bf53b30 ReleaseSRWLockShared 39554->39555 39556 7ffe0bf53a2d 39554->39556 39555->39551 39575 7ffe0bf52bd0 RtlPcToFileHeader RaiseException 39556->39575 39558 7ffe0bf539f5 39558->39554 39560 7ffe0bf61490 TlsGetValue 39558->39560 39559 7ffe0bf53a4a 39562 7ffe0bf53a80 39559->39562 39563 7ffe0bf53ab6 39559->39563 39564 7ffe0bf53b1d 39559->39564 39561 7ffe0bf53a0e 39560->39561 39561->39554 39566 7ffe0bf53ad4 39562->39566 39576 7ffe0bf54130 54 API calls 4 library calls 39562->39576 39577 7ffe0bf54130 54 API calls 4 library calls 39563->39577 39564->39555 39567 7ffe0bf53b13 39566->39567 39570 7ffe0bf53aec 39566->39570 39578 7ffe0bf52fd0 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 39567->39578 39571 7ffe0bf53b04 ReleaseSRWLockShared 39570->39571 39571->39551 39579 7ffe0bf613e0 TlsGetValue 39572->39579 39574 7ffe0bf61499 39574->39558 39575->39559 
39576->39562 39577->39566 39578->39564 39579->39574 39589 7ffe0bf27d20 39580->39589 39582 7ffe0bf2840a 39588 7ffe0bf2842d __tlregdtor _LStrxfrm 39582->39588 39597 7ffe0bf28618 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection std::_Facet_Register 39582->39597 39585 7ffe0bf28422 39598 7ffe0bf28648 53 API calls std::locale::_Setgloballocale 39585->39598 39587 7ffe0bf284c8 39587->39453 39593 7ffe0bf27d98 39588->39593 39590 7ffe0bf27d2f 39589->39590 39591 7ffe0bf27d34 39589->39591 39599 7ffe0bf7cc78 6 API calls std::_Lockit::_Lockit 39590->39599 39591->39582 39594 7ffe0bf27da3 LeaveCriticalSection 39593->39594 39596 7ffe0bf27dac 39593->39596 39596->39587 39597->39585 39598->39588 39600->39459 39601->39461 39602->39475 39603->39477 39604->39480 39605->39482 39606->39489 39607->39489 39608->39490 39609->39500 39610->39498 39611->39519 39612->39519 39613->39519 39614->39519 39615->39519 39617->39519 39620 7ffe0bf12e18 39657 7ffe0beff2a0 39620->39657 39622 7ffe0bf12ec7 39660 7ffe0bf4bc60 39622->39660 39625 7ffe0bf12f94 39627 7ffe0bf4bc60 59 API calls 39625->39627 39626 7ffe0bf13398 39628 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39626->39628 39629 7ffe0bf13066 39627->39629 39630 7ffe0bf1339d 39628->39630 39629->39630 39631 7ffe0bf130aa 39629->39631 39633 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39630->39633 39677 7ffe0bf4e180 39631->39677 39634 7ffe0bf133a3 39633->39634 39637 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39634->39637 39640 7ffe0bf133a9 39637->39640 39639 7ffe0bf13308 39641 7ffe0bf13348 39639->39641 39643 7ffe0bf133af 39639->39643 39642 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39640->39642 39644 7ffe0bf50080 DName::DName 8 API calls 39641->39644 39642->39643 39646 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39643->39646 39647 7ffe0bf1337e 39644->39647 39650 7ffe0bf133b5 39646->39650 39649 7ffe0bf13149 39651 7ffe0bf13221 39649->39651 39656 
7ffe0bf132f3 39649->39656 39741 7ffe0bf4b740 62 API calls DName::DName 39649->39741 39742 7ffe0bf126d0 54 API calls 3 library calls 39651->39742 39654 7ffe0bf13258 39654->39634 39655 7ffe0bf13297 39654->39655 39655->39640 39655->39656 39743 7ffe0beff130 39656->39743 39751 7ffe0beff400 39657->39751 39659 7ffe0beff2ae 39659->39622 39661 7ffe0bf4bc69 39660->39661 39670 7ffe0bf12f50 39660->39670 39663 7ffe0bf4bd51 39661->39663 39665 7ffe0bf4bcbb 39661->39665 39662 7ffe0bf4bd68 39787 7ffe0bf3c8f4 59 API calls _LStrxfrm 39662->39787 39663->39662 39786 7ffe0bf4bbd0 54 API calls 39663->39786 39667 7ffe0beff2c0 59 API calls 39665->39667 39669 7ffe0bf4bce2 39667->39669 39668 7ffe0bf50080 DName::DName 8 API calls 39668->39670 39671 7ffe0bf4bc60 59 API calls 39669->39671 39670->39625 39670->39626 39672 7ffe0bf4bd10 39671->39672 39673 7ffe0bf4bd4a 39672->39673 39674 7ffe0bf4bd91 39672->39674 39673->39668 39675 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39674->39675 39676 7ffe0bf4bd96 39675->39676 39678 7ffe0bf4e18e 39677->39678 39788 7ffe0bf4e2e0 39678->39788 39681 7ffe0bf4d720 39682 7ffe0bf4d754 39681->39682 39683 7ffe0bf4d7c6 39681->39683 39684 7ffe0bf4dba9 39682->39684 39687 7ffe0bf4d75d 39682->39687 39685 7ffe0beff130 59 API calls 39683->39685 39933 7ffe0bf4ecb0 67 API calls 3 library calls 39684->39933 39688 7ffe0bf4d7f8 39685->39688 39692 7ffe0bf50080 DName::DName 8 API calls 39687->39692 39690 7ffe0beff130 59 API calls 39688->39690 39689 7ffe0bf4dbe3 39934 7ffe0bf61ddc RtlPcToFileHeader RaiseException 39689->39934 39693 7ffe0bf4d815 39690->39693 39695 7ffe0bf13135 39692->39695 39878 7ffe0bf4c8d0 39693->39878 39694 7ffe0bf4dbf3 39935 7ffe0bf4eae0 67 API calls 3 library calls 39694->39935 39695->39649 39695->39656 39740 7ffe0bf11200 62 API calls 3 library calls 39695->39740 39697 7ffe0bf4d81b 39886 7ffe0bf4c820 39697->39886 39700 7ffe0bf4dc21 39936 7ffe0bf61ddc RtlPcToFileHeader RaiseException 39700->39936 39702 7ffe0bf4dc31 39703 7ffe0bf6f500 
_invalid_parameter_noinfo_noreturn 52 API calls 39702->39703 39706 7ffe0bf4dc37 39703->39706 39704 7ffe0bf4d823 39705 7ffe0beff2c0 59 API calls 39704->39705 39716 7ffe0bf4d874 39704->39716 39705->39716 39707 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39706->39707 39709 7ffe0bf4dc3d 39707->39709 39708 7ffe0bf4da34 39894 7ffe0bef8ad0 39708->39894 39712 7ffe0bf4c280 59 API calls 39712->39716 39713 7ffe0bf4daed 39715 7ffe0bef8ad0 52 API calls 39713->39715 39717 7ffe0bf4daf7 39715->39717 39716->39706 39716->39708 39716->39712 39722 7ffe0bf4e2e0 79 API calls 39716->39722 39724 7ffe0beff2c0 59 API calls 39716->39724 39726 7ffe0bf4d9c3 39716->39726 39929 7ffe0bf4c350 59 API calls 39716->39929 39719 7ffe0bef8ad0 52 API calls 39717->39719 39718 7ffe0bf4da3d 39718->39713 39720 7ffe0bf4c280 59 API calls 39718->39720 39732 7ffe0bf4db11 39718->39732 39899 7ffe0bf4bda0 39718->39899 39916 7ffe0bf4dc40 39718->39916 39930 7ffe0bf4d200 59 API calls 39718->39930 39723 7ffe0bf4db01 39719->39723 39720->39718 39722->39716 39725 7ffe0bef8ad0 52 API calls 39723->39725 39724->39716 39725->39687 39726->39694 39727 7ffe0bf4d9d7 39726->39727 39727->39702 39729 7ffe0bf4da1a 39727->39729 39730 7ffe0bef8ad0 52 API calls 39729->39730 39731 7ffe0bf4db33 39730->39731 39733 7ffe0bef8ad0 52 API calls 39731->39733 39732->39729 39734 7ffe0bf4db6c 39732->39734 39735 7ffe0bf4db3d 39733->39735 39931 7ffe0bf4eae0 67 API calls 3 library calls 39734->39931 39737 7ffe0bef8ad0 52 API calls 39735->39737 39737->39687 39738 7ffe0bf4db99 39932 7ffe0bf61ddc RtlPcToFileHeader RaiseException 39738->39932 39740->39649 39741->39651 39742->39654 39744 7ffe0beff166 39743->39744 39745 7ffe0beff1fc 39744->39745 39746 7ffe0beff17c 39744->39746 39943 7ffe0bef3150 54 API calls _Maklocstr 39745->39943 39750 7ffe0beff18a _LStrxfrm 39746->39750 39942 7ffe0beff230 59 API calls 3 library calls 39746->39942 39750->39639 39772 7ffe0bf63210 39751->39772 39754 7ffe0beff49c 39757 7ffe0beff4a1 39754->39757 39758 
7ffe0beff50f GetLastError 39754->39758 39755 7ffe0beff478 39755->39754 39756 7ffe0beff47f SHGetSpecialFolderPathW 39755->39756 39756->39754 39774 7ffe0beff2c0 39757->39774 39781 7ffe0beff380 54 API calls 2 library calls 39758->39781 39760 7ffe0beff542 39782 7ffe0bef74f0 52 API calls __std_exception_copy 39760->39782 39763 7ffe0beff4eb 39765 7ffe0bf50080 DName::DName 8 API calls 39763->39765 39764 7ffe0beff550 39783 7ffe0bf61ddc RtlPcToFileHeader RaiseException 39764->39783 39767 7ffe0beff4fe 39765->39767 39767->39659 39768 7ffe0beff5ac 39768->39659 39769 7ffe0beff561 39769->39768 39770 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39769->39770 39771 7ffe0beff5cc 39770->39771 39771->39659 39773 7ffe0beff43c SHGetSpecialFolderPathW GetCurrentProcessId ProcessIdToSessionId 39772->39773 39773->39754 39773->39755 39775 7ffe0beff379 39774->39775 39776 7ffe0beff2f1 39774->39776 39785 7ffe0bef3150 54 API calls _Maklocstr 39775->39785 39780 7ffe0beff2ff _LStrxfrm 39776->39780 39784 7ffe0beff230 59 API calls 3 library calls 39776->39784 39780->39763 39781->39760 39782->39764 39783->39769 39784->39780 39786->39662 39787->39673 39808 7ffe0bf4e460 39788->39808 39790 7ffe0bf4e430 39793 7ffe0bf50080 DName::DName 8 API calls 39790->39793 39791 7ffe0bf4e310 39791->39790 39791->39791 39792 7ffe0bf4e34d 39791->39792 39795 7ffe0beff2c0 59 API calls 39792->39795 39794 7ffe0bf1310d 39793->39794 39794->39656 39794->39681 39796 7ffe0bf4e357 CreateFileW 39795->39796 39797 7ffe0bf4e3a4 39796->39797 39798 7ffe0bf4e3d6 39796->39798 39797->39798 39801 7ffe0bf4e457 39797->39801 39799 7ffe0bf4e3f4 GetLastError 39798->39799 39800 7ffe0bf4e40d 39798->39800 39851 7ffe0bf4e010 67 API calls Concurrency::cancel_current_task 39799->39851 39852 7ffe0bf4e1c0 39800->39852 39804 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39801->39804 39807 7ffe0bf4e45c 39804->39807 39805 7ffe0bf4e40a 39805->39790 39809 7ffe0bf4e48a 39808->39809 39810 7ffe0beff2c0 59 API calls 39809->39810 
39811 7ffe0bf4e4ba CreateFileW 39810->39811 39812 7ffe0bf4e539 39811->39812 39813 7ffe0bf4e507 39811->39813 39814 7ffe0bf4e557 GetLastError 39812->39814 39815 7ffe0bf4e5b9 39812->39815 39813->39812 39816 7ffe0bf4e5ef 39813->39816 39818 7ffe0bf4e564 39814->39818 39819 7ffe0bf4e5a6 39814->39819 39817 7ffe0bf4e1c0 71 API calls 39815->39817 39822 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39816->39822 39824 7ffe0bf4e5ca FindCloseChangeNotification 39817->39824 39820 7ffe0bf4e56e 39818->39820 39821 7ffe0bf4e571 GetFileAttributesW 39818->39821 39869 7ffe0bf4e010 67 API calls Concurrency::cancel_current_task 39819->39869 39820->39821 39825 7ffe0bf4e59e GetLastError 39821->39825 39826 7ffe0bf4e57e 39821->39826 39833 7ffe0bf4e5f4 39822->39833 39827 7ffe0bf4e5b6 39824->39827 39825->39819 39826->39819 39828 7ffe0bf4e584 39826->39828 39829 7ffe0bf50080 DName::DName 8 API calls 39827->39829 39868 7ffe0bf4de20 59 API calls 2 library calls 39828->39868 39831 7ffe0bf4e5e4 39829->39831 39831->39791 39832 7ffe0bf4e58e 39832->39827 39834 7ffe0bf4e673 39833->39834 39835 7ffe0bf4e75b 39833->39835 39850 7ffe0bf4e63c _LStrxfrm 39833->39850 39837 7ffe0bf4e693 39834->39837 39838 7ffe0bf4e67f 39834->39838 39873 7ffe0bef3150 54 API calls _Maklocstr 39835->39873 39839 7ffe0bf4e6a4 39837->39839 39840 7ffe0bf4e6b8 39837->39840 39870 7ffe0bef17c0 54 API calls 3 library calls 39838->39870 39871 7ffe0bef17c0 54 API calls 3 library calls 39839->39871 39843 7ffe0bf4e6d3 39840->39843 39844 7ffe0bf4e6dd 39840->39844 39872 7ffe0bef17c0 54 API calls 3 library calls 39843->39872 39847 7ffe0bf4f98c std::_Facet_Register 4 API calls 39844->39847 39849 7ffe0bf4e68e _LStrxfrm 39844->39849 39846 7ffe0bf6f500 _invalid_parameter_noinfo_noreturn 52 API calls 39848 7ffe0bf4e766 39846->39848 39847->39849 39849->39846 39849->39850 39850->39791 39851->39805 39853 7ffe0bf4e1fa 39852->39853 39854 7ffe0bf4e23d GetFileInformationByHandle 39852->39854 39858 7ffe0bf4e20e GetLastError 39853->39858 39862 
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: __tlregdtor
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_closeport {:#x}$monitor_configureport '{}', {:#x}, '{}'$monitor_deleteport '{}', {:#x}, '{}'$monitor_enddocport {:#x}$monitor_enumports '{}', {}, {:#x}, {}, {:#x}, {:#x}$monitor_openport '{}', {:#x}$system
                                                                              • API String ID: 1373327856-976324260
                                                                              • Opcode ID: d757a8a58673be86f7cbab87874056a0d3fe4015908662d37686dd28c9f7eccd
                                                                              • Instruction ID: 9cce66de8f98e21d67639ace7b25f420f6ce910e8499787ce87f564961aed82e
                                                                              • Opcode Fuzzy Hash: d757a8a58673be86f7cbab87874056a0d3fe4015908662d37686dd28c9f7eccd
                                                                              • Instruction Fuzzy Hash: 7982B562A287C641EA10DB65E8443AE7361FF85790F405632EA9E93BFADF7CD481C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$CallsDebugDisableLibraryOutputStringThread__tlregdtor
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$DisableThreadLibraryCalls() failed$InitializePrintMonitor '{}'$RunDllCallback {:#x}, {:#x}, {:#x} -> '{}', {}$process attach, instance {:#x}$process detach, instance {:#x}$return MONITOREX {:#x}$rundll$system$wfaxport.dll initialize
                                                                              • API String ID: 1380303762-3667887961
                                                                              • Opcode ID: 1af4e99388d40cea66d7b49e1c3d927093205b51fe48de063dbb55fb376201f1
                                                                              • Instruction ID: 7b6e37390a79abf5a5947c426ed3fd267d305257d4c64a3278bdf92d7ee64b40
                                                                              • Opcode Fuzzy Hash: 1af4e99388d40cea66d7b49e1c3d927093205b51fe48de063dbb55fb376201f1
                                                                              • Instruction Fuzzy Hash: DA226322A28BC681EA10DB14E8443BA73A1FB95790F505236DA9E937F5EF7CE5C5C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\utils\ServiceFilesystem.cpp$Couldn't create writable subdirectory '{}': {}$WIService$Wildix
                                                                              • API String ID: 3668304517-1823832745
                                                                              • Opcode ID: 4cf0d7ca435ab29cba9aee2d834deacd446f32cad2b8ece2b4deb5508146a8ee
                                                                              • Instruction ID: ac61fee570581ec4a97ca34056da4491f834db15efc15a20729615c10ecf683c
                                                                              • Opcode Fuzzy Hash: 4cf0d7ca435ab29cba9aee2d834deacd446f32cad2b8ece2b4deb5508146a8ee
                                                                              • Instruction Fuzzy Hash: BFD18362A18BC291EB60CB24E8443AEB361FBD5790F509632DADD53AB9DF7CD185C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                                                              • String ID:
                                                                              • API String ID: 1405656091-0
                                                                              • Opcode ID: b108f4d214aa4c792b2fc591634e3fe1570faaa9529d3843a1582aca8436b1cc
                                                                              • Instruction ID: ab7dc7cddca9bfb4ebee1c4446b53397fb0c011f1238598b47bd96fb2ea54888
                                                                              • Opcode Fuzzy Hash: b108f4d214aa4c792b2fc591634e3fe1570faaa9529d3843a1582aca8436b1cc
                                                                              • Instruction Fuzzy Hash: C891A3B2B042464BEB588F25DD412B877A1FB54B88F049139DA0ECB7A9EF3CE5518740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$AcquireLockMtx_unlockShared
                                                                              • String ID: !!!ERROR!!! $!!!FATAL!!! $FileName$Scope$ThreadId$Unknown error${}.{:03d} | {:<15} {}
                                                                              • API String ID: 1953351835-1628071256
                                                                              • Opcode ID: 41e6f4fb972c50071f6acbfbd35c4d733494a76fc6be772fe58aa517d42c0fab
                                                                              • Instruction ID: 726dbfea8f4eb150bab8b7691525036a71b587de47f2befc3df8dba14ff5e753
                                                                              • Opcode Fuzzy Hash: 41e6f4fb972c50071f6acbfbd35c4d733494a76fc6be772fe58aa517d42c0fab
                                                                              • Instruction Fuzzy Hash: A9526972A19B8685EB219F68DC843E93361FB84794F409632DA4E877B9DF3CE585C340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$Mtx_unlock
                                                                              • String ID: -$C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp$buffer has capacity of {}, while {} is needed$copy port '{}'$copy port '{}', '{}', '{}'$port level {} is not valid$size needed is {}
                                                                              • API String ID: 3867719841-632606356
                                                                              • Opcode ID: 2d52f2000935f6e63435e5294d3f0b6f364dc658146fd4dfe85ec427ec256439
                                                                              • Instruction ID: 044f49cf0b21e55e833852f10cd6be066de1d10e648b4fc9e77f5c409dd5b9ea
                                                                              • Opcode Fuzzy Hash: 2d52f2000935f6e63435e5294d3f0b6f364dc658146fd4dfe85ec427ec256439
                                                                              • Instruction Fuzzy Hash: 2C128D62B24B8685EF00CF69D8443AD3761FB45798F505232EA5E97AFADF78D486C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: FolderPathProcessSpecial$CurrentErrorLastSession_invalid_parameter_noinfo_noreturn
                                                                              • String ID: .$SHGetSpecialFolderPathW() failed with error {}
                                                                              • API String ID: 2640792341-2940119500
                                                                              • Opcode ID: beac3260d1fe0ee5e85ab3cc928f3e324c1963a41e9799384e70ec2d293fb215
                                                                              • Instruction ID: 9d91272bba8a0d60cab703047741d5cd8ef4925093d9198d9190de5da407d698
                                                                              • Opcode Fuzzy Hash: beac3260d1fe0ee5e85ab3cc928f3e324c1963a41e9799384e70ec2d293fb215
                                                                              • Instruction Fuzzy Hash: 9741C432B19B8786EB248F24E8443AE7361FB84B58F404231DA5E87AB9DF3CD585C740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFileLast_invalid_parameter_noinfo_noreturn$AttributesCreate
                                                                              • String ID:
                                                                              • API String ID: 2181032588-0
                                                                              • Opcode ID: 2e3c6637dba33a5375d42a7224666a5274b1dfd18a522cd09719162221486187
                                                                              • Instruction ID: 81a668d808f726091123d62188ea91366dabb20e72efa74e9e0848c8632b17df
                                                                              • Opcode Fuzzy Hash: 2e3c6637dba33a5375d42a7224666a5274b1dfd18a522cd09719162221486187
                                                                              • Instruction Fuzzy Hash: 8981C272A1868685FB289B26ED442797751FB45BE0F505630EA6F8BBF5DF3CE4818300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_openport '{}', {:#x}$system
                                                                              • API String ID: 3668304517-2202528157
                                                                              • Opcode ID: 5a4bcbad542ef0afb540b301c0fa5965c43cc73f303fd99a96c887a74714bb82
                                                                              • Instruction ID: d2fc83b93986ac4434b39d8bb42d5162e3ba73db032fe4e3bd9ea65f75e932ac
                                                                              • Opcode Fuzzy Hash: 5a4bcbad542ef0afb540b301c0fa5965c43cc73f303fd99a96c887a74714bb82
                                                                              • Instruction Fuzzy Hash: 38719562A286CA41FE10DB65E85436E7361FB857E0F504231EAAE93BF9DF7CD4818700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: !!!FATAL!!! $FileName$Scope$ThreadId
                                                                              • API String ID: 0-967080973
                                                                              • Opcode ID: 4e1255f63a5424c12aff2119a165ed6b3e4409f8438a9b7516dbfd73cc261f37
                                                                              • Instruction ID: 0f84bb78a2907b05bc17d05a4243204996d9456f0cbeedac5697f6baeee786bd
                                                                              • Opcode Fuzzy Hash: 4e1255f63a5424c12aff2119a165ed6b3e4409f8438a9b7516dbfd73cc261f37
                                                                              • Instruction Fuzzy Hash: C0F17B72A19B8685EF658F68DC803E97761FB84794F404132DA4E87BB9DF38E685C340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: !!!FATAL!!! $FileName$Scope$ThreadId
                                                                              • API String ID: 0-967080973
                                                                              • Opcode ID: d43a1a34a926983430290ba7df7125675037cb552fe236f9c81a9310c05e96c3
                                                                              • Instruction ID: 518f89d00d4a178a9316fa66fc3c4d8008114efb90ccbe0c1975da01f8b5eb81
                                                                              • Opcode Fuzzy Hash: d43a1a34a926983430290ba7df7125675037cb552fe236f9c81a9310c05e96c3
                                                                              • Instruction Fuzzy Hash: 0CF17C72A19B8685EB659F68DC803E97361FB84794F404132DA4E87BB5DF3CE685C340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_openport '{}', {:#x}$system
                                                                              • API String ID: 3668304517-2202528157
                                                                              • Opcode ID: 55019143d156af845b3f99fd126a35005dc8cbb2b6df535daa8d98399302e1af
                                                                              • Instruction ID: f08158accbf93f9a7161b37a790bd9592d709f8ec49994b6e6354072ad073699
                                                                              • Opcode Fuzzy Hash: 55019143d156af845b3f99fd126a35005dc8cbb2b6df535daa8d98399302e1af
                                                                              • Instruction Fuzzy Hash: 01718462A286CA41FE109B65E85436E7361FB857E0F504231EAAE93BF9DF7CD4818700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_enumports '{}', {}, {:#x}, {}, {:#x}, {:#x}$system
                                                                              • API String ID: 3668304517-3364537058
                                                                              • Opcode ID: 70eaf972c4f0a84a90e1e23765420713bd5f986fab5b9aa3a89531dfd7e63064
                                                                              • Instruction ID: 19f7d7e0cd0b82471a59002bccd49b782f7794fb9f66b5566a4590d47fbd79e1
                                                                              • Opcode Fuzzy Hash: 70eaf972c4f0a84a90e1e23765420713bd5f986fab5b9aa3a89531dfd7e63064
                                                                              • Instruction Fuzzy Hash: 64916872A187C581EA20DB65E8543AE7361FB857A0F504232EA9E93BF9DF7CD481C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _get_daylight_invalid_parameter_noinfo
                                                                              • String ID: ?$W. Europe Standard Time$W. Europe Summer Time
                                                                              • API String ID: 474895018-2360834014
                                                                              • Opcode ID: 1f8f1853e0287c507c433fde31f4f0adba883f7869710e2a82ee3ac69dc10873
                                                                              • Instruction ID: 27bbc28879ac6b2faf614150778d72eaf79e8c698ddeb5ecdbba1579b8aefcbc
                                                                              • Opcode Fuzzy Hash: 1f8f1853e0287c507c433fde31f4f0adba883f7869710e2a82ee3ac69dc10873
                                                                              • Instruction Fuzzy Hash: D591A072E1C2528BE7249F19AD41579FBA1FB84740F20153AE94FC3AB4DB3CE8919B40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_openport '{}', {:#x}$system
                                                                              • API String ID: 3668304517-2202528157
                                                                              • Opcode ID: 7ca1bd24761495eee964530ec7ee32b64daa008283755ba4a70e0f6de0c42d80
                                                                              • Instruction ID: 250547d81edda7e00168d2d2788df897cd0ef659f723f9995b378eb75478e007
                                                                              • Opcode Fuzzy Hash: 7ca1bd24761495eee964530ec7ee32b64daa008283755ba4a70e0f6de0c42d80
                                                                              • Instruction Fuzzy Hash: D9717362A286CA41FE109B65E85536E7361FB857E0F504231EAAE93BF9DF7CD4818700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_openport '{}', {:#x}$system
                                                                              • API String ID: 3668304517-2202528157
                                                                              • Opcode ID: c8c3eb0ad650273b184d8eff6caae649ff6c7c2527569d56c66250ae953083db
                                                                              • Instruction ID: 0b5f7a01a6ae4d96fe38cff89d143f4e87bed501edc3bf69628f56184091fe90
                                                                              • Opcode Fuzzy Hash: c8c3eb0ad650273b184d8eff6caae649ff6c7c2527569d56c66250ae953083db
                                                                              • Instruction Fuzzy Hash: E6615462A287CA41EE149B65E84436E7362FB857E0F504331E6AE97BF9DF7CD4818700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: -$D$C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp
                                                                              • API String ID: 0-2824907369
                                                                              • Opcode ID: 377e29c0b7ba4ae43bcad6af24ee3c5c107e445b7d1bd7a2a3e3bd5b2ff77c7f
                                                                              • Instruction ID: fb8b63e55e82e7c16f19aa441778889b3f2f106d265dc50b4ace6514fdd3b748
                                                                              • Opcode Fuzzy Hash: 377e29c0b7ba4ae43bcad6af24ee3c5c107e445b7d1bd7a2a3e3bd5b2ff77c7f
                                                                              • Instruction Fuzzy Hash: 36512172918BC981EA358B19E4413EAB361FBD97A0F405225EBDD537A5DF7CD181CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateDirectoryExW.KERNEL32(?,?,?,?,?,?,00000000,00007FFE0BF4DAC0), ref: 00007FFE0BF4DC96
                                                                              • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,00000000,00007FFE0BF4DAC0), ref: 00007FFE0BF4DCAA
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FFE0BF4DAC0), ref: 00007FFE0BF4DCC6
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: CreateDirectory$ErrorLast
                                                                              • String ID: boost::filesystem::create_directory
                                                                              • API String ID: 2485089472-2941204237
                                                                              • Opcode ID: 007bc1e7fd6e910ffc57d43d67501cef627aadd5a2bb581c2b553780733c0d17
                                                                              • Instruction ID: e36a936a4fc2f8aa49792529ce64c0d6ab4df66e54af2046fc6fcdcd555c5e35
                                                                              • Opcode Fuzzy Hash: 007bc1e7fd6e910ffc57d43d67501cef627aadd5a2bb581c2b553780733c0d17
                                                                              • Instruction Fuzzy Hash: 0521CF72A18B8182EA24CF25A84426A73A1FF95BC4F544231EA4E9B774DF7CD984C740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 3668304517-0
                                                                              • Opcode ID: a73b778ac03f96aae259d3613d3e37379caa3efcfc39d461df04d6effbed5542
                                                                              • Instruction ID: ec1962a27947427bbe75aa80822dd441e34ac121dcd9c090ffd866b80c94e88b
                                                                              • Opcode Fuzzy Hash: a73b778ac03f96aae259d3613d3e37379caa3efcfc39d461df04d6effbed5542
                                                                              • Instruction Fuzzy Hash: 0B518962A187CA80FA209B69E8453AE7351FB857F0F505331DAAD93AF5EF7CD4858700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                              • String ID:
                                                                              • API String ID: 1944019136-0
                                                                              • Opcode ID: 4fb34ce46e5027e60761300b274f8fdbfb020687e157cde23a4e9595b93d5efb
                                                                              • Instruction ID: a19489279572d87908b328ce9b56f61617fbdff5f61f4104c834db6bc6007744
                                                                              • Opcode Fuzzy Hash: 4fb34ce46e5027e60761300b274f8fdbfb020687e157cde23a4e9595b93d5efb
                                                                              • Instruction Fuzzy Hash: 8551BE62F24A8295FB049F65D8053AC3322FB45B98F409231DA5E977FADF78E5A0C340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFileLast$Create$AttributesCloseHandle_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 1118509424-0
                                                                              • Opcode ID: bb2368e3caadeaa83d1a2ce998a2b899ffb75d71d6edb12208d02f1c0390d4f2
                                                                              • Instruction ID: 025171e7988f0b6dce3af235e8c816dc22ea694ec25d95f4e7219be79a246fb0
                                                                              • Opcode Fuzzy Hash: bb2368e3caadeaa83d1a2ce998a2b899ffb75d71d6edb12208d02f1c0390d4f2
                                                                              • Instruction Fuzzy Hash: C141C472A0868582E7148B65EC4426AB361FB957A0F504331EBAE87BF5DF7CE4858700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: boost::filesystem::create_directories
                                                                              • API String ID: 3668304517-2171239142
                                                                              • Opcode ID: dba03865d2df6df9b6de8d63bc1592751c8d103480e3bdb75d9ac8049b38e561
                                                                              • Instruction ID: 67bf656f9e17c382b4d96306138aba0aa3a822f5ef1d3d5ceed7fe82aa25482d
                                                                              • Opcode Fuzzy Hash: dba03865d2df6df9b6de8d63bc1592751c8d103480e3bdb75d9ac8049b38e561
                                                                              • Instruction Fuzzy Hash: 7CE18122E18A8695EB10DF74DC412ED7371FB90388F505132EA4E9BAB9EF78D945C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: M
                                                                              • API String ID: 3668304517-3664761504
                                                                              • Opcode ID: fb947283f5f45fa78222aa0afdfda8a1ffafa92f658af359c92a4b6e5c5aec14
                                                                              • Instruction ID: 5f6d6c00975acf8e1f94aa77ea6908b7746bf62fd5ece2572ac998194779e80e
                                                                              • Opcode Fuzzy Hash: fb947283f5f45fa78222aa0afdfda8a1ffafa92f658af359c92a4b6e5c5aec14
                                                                              • Instruction Fuzzy Hash: 6A413162918BC981EA208B25E8413AAB361FBD57A0F505335EADD53AB9DF3CE085C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 3668304517-0
                                                                              • Opcode ID: d85b32c1d1dbb633b91ec2b438e6167dec4f0396af6b4d1462700e93ad580bc6
                                                                              • Instruction ID: acb71d83fafce04ec15fdcc76919d9ba604d6b1922f81998cdaefb4fb29f7021
                                                                              • Opcode Fuzzy Hash: d85b32c1d1dbb633b91ec2b438e6167dec4f0396af6b4d1462700e93ad580bc6
                                                                              • Instruction Fuzzy Hash: 84417062A18BCD80EA208B64E8413AAB351FB957E0F405331DAED63AF5DF7CD481C701
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 3668304517-0
                                                                              • Opcode ID: cdaf93d6e492ec7c4e4c85a7a56979dc9c6617eba60bcb3bc56b680d0e45dcf7
                                                                              • Instruction ID: 4c47c957715e3f7227dfc6647f44712ccbeb4fbc365a5e69c73f9e776d48c8b4
                                                                              • Opcode Fuzzy Hash: cdaf93d6e492ec7c4e4c85a7a56979dc9c6617eba60bcb3bc56b680d0e45dcf7
                                                                              • Instruction Fuzzy Hash: FE419562A18BC945EA208B68E8413AEB350FB957E0F405335DAED93AF9DF7CD485C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 3668304517-0
                                                                              • Opcode ID: e2338ec6f6c1cfe77267a118467c35f98d8259e283e5017c71790f4b0f20afc1
                                                                              • Instruction ID: 1a0325a98f0027f411b13e602574ee9075fc5ee8b5d625c458ec6d548814c7c3
                                                                              • Opcode Fuzzy Hash: e2338ec6f6c1cfe77267a118467c35f98d8259e283e5017c71790f4b0f20afc1
                                                                              • Instruction Fuzzy Hash: E5418862918BC940EA209B25E8453AEB350FB857E0F505331EBED93AF9DF7CD4858700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: LockShared$AcquireRelease
                                                                              • String ID:
                                                                              • API String ID: 2614130328-0
                                                                              • Opcode ID: 9c9b98ff0c234a22d35ee8cb0ab2ee3347609414d5780889e5c684dc65a826cc
                                                                              • Instruction ID: bd7e295e937aa27c64f6957ad52538f030ea972d6c723c0b49da8b21ac3e4173
                                                                              • Opcode Fuzzy Hash: 9c9b98ff0c234a22d35ee8cb0ab2ee3347609414d5780889e5c684dc65a826cc
                                                                              • Instruction Fuzzy Hash: 03217F32A28B4692DA04DB65D8000AAB3A4FF85BD4F441432EE8E97779DF3CE595C790
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: CurrentEventThread
                                                                              • String ID:
                                                                              • API String ID: 2592414440-0
                                                                              • Opcode ID: 4b05e70850662d3672d1e4ff58b681fe7956ec6eb8431c754c2e462850123788
                                                                              • Instruction ID: 0ac7660770f193d3e0940312c14ba4cae47780634ec4eb08be011e7dfbc7c4e1
                                                                              • Opcode Fuzzy Hash: 4b05e70850662d3672d1e4ff58b681fe7956ec6eb8431c754c2e462850123788
                                                                              • Instruction Fuzzy Hash: 11118C32D2874286EB229F66E908379B3A0FB45B95F188030DF4EC73B5DE3CD452A650
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 73155330-0
                                                                              • Opcode ID: 7a6a629a6b8acab1f3825e71a41c9767bef2757fb968a0234065bb75f22e3a7c
                                                                              • Instruction ID: 62772a5ef061f1142b2695f2f656068ed2666b15015771a4ebe26999777f5e7f
                                                                              • Opcode Fuzzy Hash: 7a6a629a6b8acab1f3825e71a41c9767bef2757fb968a0234065bb75f22e3a7c
                                                                              • Instruction Fuzzy Hash: D3F06256F3720B41FD68A3618C5627972806F597B0E940B31DA3F9A3F1EE1CA6D34280
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 067e0a2ede249a6ecf98f382bcefb1abdf032335135c8c2eb1af27ab21131d2e
                                                                              • Instruction ID: cfa41b647dd5a615d11347900a9e9611b0f83ea26e420aed4bc38cb14574cb4f
                                                                              • Opcode Fuzzy Hash: 067e0a2ede249a6ecf98f382bcefb1abdf032335135c8c2eb1af27ab21131d2e
                                                                              • Instruction Fuzzy Hash: 91513B1AA146D244EF349759C55017973A0FB51BA8F148533EE4D4B2B5EF2CDD82C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: wcsftime
                                                                              • String ID:
                                                                              • API String ID: 2902305603-0
                                                                              • Opcode ID: 18733296c6fc2a13b6026d2f43dbf3078b6a882461142f725cb917f089e54d63
                                                                              • Instruction ID: 48282d646f57be5fdd955d0a3bc093a78af30bb5a3fc2993d8685788cc848f01
                                                                              • Opcode Fuzzy Hash: 18733296c6fc2a13b6026d2f43dbf3078b6a882461142f725cb917f089e54d63
                                                                              • Instruction Fuzzy Hash: DF11A222918BC482E720CB25E9103AAB360FB98794F405335EB9D437AADF3CE194CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FFE0BF81BA2,?,?,000097C86473018E,00007FFE0BF75325,?,?,?,?,00007FFE0BF88E42,?,?,00000000), ref: 00007FFE0BF83639
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0
                                                                              • Opcode ID: 8a8076d8b911538262ddf2c283b8724ada757c2232be91ab832054381dbbbc66
                                                                              • Instruction ID: 736024d878a8d55af901cfaef3a46bbe8d17587dbbc4333a99ef78c1abcfab84
                                                                              • Opcode Fuzzy Hash: 8a8076d8b911538262ddf2c283b8724ada757c2232be91ab832054381dbbbc66
                                                                              • Instruction Fuzzy Hash: 37F06704F1920386FE545A6A9E517B83281BF88F80F1C4434E90FC73F2EE2CE4808228
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterInit_thread_footerLeave
                                                                              • String ID:
                                                                              • API String ID: 3960375172-0
                                                                              • Opcode ID: e05873258c21d9d6726ab9171bad3dfa8df11c24947226a3b163f8f1d0d13104
                                                                              • Instruction ID: 891a2fa1eccea20d665b4c0d37d688753abe14075a04fa6c02108371e9031f68
                                                                              • Opcode Fuzzy Hash: e05873258c21d9d6726ab9171bad3dfa8df11c24947226a3b163f8f1d0d13104
                                                                              • Instruction Fuzzy Hash: 1AC04C11E4A50652EA21A751DD520B83311FF96351B855031D90FCB2F2DE6CBAD2D310
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$GetctypeYarn
                                                                              • String ID:
                                                                              • API String ID: 3181430533-0
                                                                              • Opcode ID: b5450752da9ea4530ec8efb390a7dc6d17c4b1b48e0fd06fe63b0fa6ce6ea16f
                                                                              • Instruction ID: 61c5cd53f449190f6b03835a84e26f11dd5fe7f5362670db1e64f92519139341
                                                                              • Opcode Fuzzy Hash: b5450752da9ea4530ec8efb390a7dc6d17c4b1b48e0fd06fe63b0fa6ce6ea16f
                                                                              • Instruction Fuzzy Hash: A0D14721E09A0685FB55AB25DD502B873A1FF64B84F848135DA5FC77BADF7CB8828300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Similarity
                                                                              • API ID: __tlregdtor
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$Unknown exception$monitor_readport {:#x}, {:#x}, {}, {:#x}$monitor_startdocport {:#x}, '{}', {}, {}, {:#x}$monitor_writeport {:#x}, {:#x}, {}, {:#x}$system
                                                                              • API String ID: 1373327856-2181671907
                                                                              • Opcode ID: 3b5e4c59b0c7a12e8350fdbde2290a376743fee4a1c4e51955ba074ca3e142f0
                                                                              • Instruction ID: 3a71487d70f1848d1520807ebc3dc8f1fb147e0bcbe30af84d0d59f4e4f112d2
                                                                              • Opcode Fuzzy Hash: 3b5e4c59b0c7a12e8350fdbde2290a376743fee4a1c4e51955ba074ca3e142f0
                                                                              • Instruction Fuzzy Hash: F602A662A18B8641EB10DB65E8443AE73A1FB857D0F505236EA9E93BF5EF3CD485C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: , "$: "$Unknown exception
                                                                              • API String ID: 3668304517-2574047376
                                                                              • Opcode ID: b595c361e2e63963182f9db9890d6a373dd5ae374d12f738ea7391dd0e70fd8a
                                                                              • Instruction ID: 69ba3990b76fccfee8a5b1566331792a9da861048590f7f5873134c9c22b0281
                                                                              • Opcode Fuzzy Hash: b595c361e2e63963182f9db9890d6a373dd5ae374d12f738ea7391dd0e70fd8a
                                                                              • Instruction Fuzzy Hash: A5F1E362A18B8681EB24CF15E8543697361FB45BD4FA05632DA5F8B7B5CF7DE481C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                                • Part of subcall function 00007FFE0BF819C8: GetLastError.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF819D7
                                                                                • Part of subcall function 00007FFE0BF819C8: FlsGetValue.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF819EC
                                                                                • Part of subcall function 00007FFE0BF819C8: SetLastError.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF81A77
                                                                              • TranslateName.LIBCMT ref: 00007FFE0BF8F32A
                                                                              • TranslateName.LIBCMT ref: 00007FFE0BF8F365
                                                                              • GetACP.KERNEL32(?,?,?,00000000,00000092,00007FFE0BF8254C), ref: 00007FFE0BF8F3AC
                                                                              • IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FFE0BF8254C), ref: 00007FFE0BF8F3E4
                                                                              • GetLocaleInfoW.KERNEL32 ref: 00007FFE0BF8F5A1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
                                                                              • String ID: utf8
                                                                              • API String ID: 3069159798-905460609
                                                                              • Opcode ID: 37f11421dc2132e4ffe25310b4cf11757d77ae7a0c59ff0f24b4533fed8a8ebb
                                                                              • Instruction ID: edd575b5518823f2478c86a59cf1c2a65b2bee149cfecf792e47d93b2d31c3ee
                                                                              • Opcode Fuzzy Hash: 37f11421dc2132e4ffe25310b4cf11757d77ae7a0c59ff0f24b4533fed8a8ebb
                                                                              • Instruction Fuzzy Hash: 20916B32A0878289EB649F21E9416B933A4FF44B90F544532DA4EC77B6EF3DE951C740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                                • Part of subcall function 00007FFE0BF819C8: GetLastError.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF819D7
                                                                                • Part of subcall function 00007FFE0BF819C8: FlsGetValue.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF819EC
                                                                                • Part of subcall function 00007FFE0BF819C8: SetLastError.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF81A77
                                                                                • Part of subcall function 00007FFE0BF819C8: FlsSetValue.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF81A0D
                                                                                • Part of subcall function 00007FFE0BF819C8: FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF), ref: 00007FFE0BF81AAD
                                                                              • GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 00007FFE0BF8FE78
                                                                                • Part of subcall function 00007FFE0BF819C8: FlsSetValue.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF81A3A
                                                                                • Part of subcall function 00007FFE0BF819C8: FlsSetValue.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF81A4B
                                                                                • Part of subcall function 00007FFE0BF819C8: FlsSetValue.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF81A5C
                                                                                • Part of subcall function 00007FFE0BF819C8: FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF), ref: 00007FFE0BF81ACC
                                                                                • Part of subcall function 00007FFE0BF819C8: FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF), ref: 00007FFE0BF81AF4
                                                                              • EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,00007FFE0BF82545), ref: 00007FFE0BF8FE5F
                                                                              • ProcessCodePage.LIBCMT ref: 00007FFE0BF8FEA2
                                                                              • IsValidCodePage.KERNEL32 ref: 00007FFE0BF8FEB4
                                                                              • IsValidLocale.KERNEL32 ref: 00007FFE0BF8FECA
                                                                              • GetLocaleInfoW.KERNEL32 ref: 00007FFE0BF8FF26
                                                                              • GetLocaleInfoW.KERNEL32 ref: 00007FFE0BF8FF42
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                              • String ID:
                                                                              • API String ID: 2591520935-0
                                                                              • Opcode ID: 69d957cee85878869cc7abbef923967d232a696885391817352ada0f6e399ef7
                                                                              • Instruction ID: d08e4ffa93724c25edf138a6cea22e7d2f519c59e6d9fc192b70d45febe72041
                                                                              • Opcode Fuzzy Hash: 69d957cee85878869cc7abbef923967d232a696885391817352ada0f6e399ef7
                                                                              • Instruction Fuzzy Hash: 18715662F186428AFB609B61DC506BC33A4BF48B48F444936CA1E97BB5EF3CE955C350
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                              • String ID:
                                                                              • API String ID: 1239891234-0
                                                                              • Opcode ID: ca6b45c33ff49a47647ea71850c73a1221297c154a1e89d9f3aed8cbb7f5b5df
                                                                              • Instruction ID: 842facfcf447848ff6dccb86100ef003a04b72921f54eb2f5b1a632f1eb373a5
                                                                              • Opcode Fuzzy Hash: ca6b45c33ff49a47647ea71850c73a1221297c154a1e89d9f3aed8cbb7f5b5df
                                                                              • Instruction Fuzzy Hash: DD316036618B8286EB60CF25EC402AE73A5FB88758F540135EA9E83B74DF3CD155CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,00007FFE0BF614B9,?,?,?,?,00007FFE0BF61473), ref: 00007FFE0BF5F596
                                                                              • HeapAlloc.KERNEL32(?,?,?,?,?,?,?,00007FFE0BF614B9,?,?,?,?,00007FFE0BF61473), ref: 00007FFE0BF5F5A5
                                                                              • std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFE0BF5F5DF
                                                                                • Part of subcall function 00007FFE0BF5FC80: CreateEventA.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFE0BF5F5C0), ref: 00007FFE0BF5FD00
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$AllocCreateEventProcessstd::bad_alloc::bad_alloc
                                                                              • String ID:
                                                                              • API String ID: 133904026-0
                                                                              • Opcode ID: 789d4a76b758df07a1323dc470d7cd3d39f7d6292928a270d9efcc7115fa116e
                                                                              • Instruction ID: d025419b50c960eff194779966f51893d87524abd8e79911b3d27a83101bef0b
                                                                              • Opcode Fuzzy Hash: 789d4a76b758df07a1323dc470d7cd3d39f7d6292928a270d9efcc7115fa116e
                                                                              • Instruction Fuzzy Hash: 6BF08266A1AB4586EB05AB369C1426A33A5FF45B40F484034CE4F47776EF3CE545C711
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: InfoLocale
                                                                              • String ID: GetLocaleInfoEx
                                                                              • API String ID: 2299586839-2904428671
                                                                              • Opcode ID: 72be10784b72832793fc8366c21f21e44d8c05a0122345b28a350d4f2194a516
                                                                              • Instruction ID: 3bc175d1845379f82a8055a8997fdf9ffeec7cf0e327c3fabded437287058204
                                                                              • Opcode Fuzzy Hash: 72be10784b72832793fc8366c21f21e44d8c05a0122345b28a350d4f2194a516
                                                                              • Instruction Fuzzy Hash: E7016261B08A8185EB089B56BC404AAB7A1FF95FC0F584036EE4E93B79CE3CE9418744
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                                • Part of subcall function 00007FFE0BF819C8: GetLastError.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF819D7
                                                                                • Part of subcall function 00007FFE0BF819C8: FlsGetValue.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF819EC
                                                                                • Part of subcall function 00007FFE0BF819C8: SetLastError.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF81A77
                                                                              • EnumSystemLocalesW.KERNEL32(?,?,?,00007FFE0BF8FE0B,?,00000000,00000092,?,?,00000000,?,00007FFE0BF82545), ref: 00007FFE0BF8F6BA
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$EnumLocalesSystemValue
                                                                              • String ID:
                                                                              • API String ID: 3029459697-0
                                                                              • Opcode ID: f17b4d54490848437cabf8c8bb0b3ec77cf7a560ebe2a93367acbc6783ff5b3c
                                                                              • Instruction ID: 0304694694275e30772db63d340cbb25768036a5906666f6e93766a86f361d57
                                                                              • Opcode Fuzzy Hash: f17b4d54490848437cabf8c8bb0b3ec77cf7a560ebe2a93367acbc6783ff5b3c
                                                                              • Instruction Fuzzy Hash: 36110363E186458AEB148F15D8806BC7BA1FB94FE0F458235C66A833F0CE78D6E1C740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                                • Part of subcall function 00007FFE0BF819C8: GetLastError.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF819D7
                                                                                • Part of subcall function 00007FFE0BF819C8: FlsGetValue.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF819EC
                                                                                • Part of subcall function 00007FFE0BF819C8: SetLastError.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF81A77
                                                                              • EnumSystemLocalesW.KERNEL32(?,?,?,00007FFE0BF8FDC7,?,00000000,00000092,?,?,00000000,?,00007FFE0BF82545), ref: 00007FFE0BF8F76A
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$EnumLocalesSystemValue
                                                                              • String ID:
                                                                              • API String ID: 3029459697-0
                                                                              • Opcode ID: 6cb4ae7a27bccade1f3911f95730409eedef0266c63d0a4336f8648e77ba1ecd
                                                                              • Instruction ID: 4096c9137c6a229fbe3dd24bc03ad209bc33d2315411052827a8874116622a1d
                                                                              • Opcode Fuzzy Hash: 6cb4ae7a27bccade1f3911f95730409eedef0266c63d0a4336f8648e77ba1ecd
                                                                              • Instruction Fuzzy Hash: 0401B172E082828AFB104F15EC40BBD76A1FB40BA4F458232D66A876F4CF6C9481CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: ControlDevice
                                                                              • String ID:
                                                                              • API String ID: 2352790924-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FFE0BF83AE3,?,?,?,?,?,?,?,?,00000000,00007FFE0BF8EC6C), ref: 00007FFE0BF836E3
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: EnumLocalesSystem
                                                                              • String ID:
                                                                              • API String ID: 2099609381-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: InfoLocale
                                                                              • String ID:
                                                                              • API String ID: 2299586839-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Name::operator+
                                                                              • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                                                              • API String ID: 2943138195-1482988683
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$CloseHandleMtx_unlock$BuffersDeleteFileFlushOpenPrinter
                                                                              • String ID: ,$C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp$OpenPrinterW ('{}', {:#x} -> {:#x}, NULL) -> {}$couldn't rename file$file not found$finalizing PCL '{}'$port object {:#x} is not present in the list${}\temp_{}${}\{}
                                                                              • API String ID: 2285465158-3467645581
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Mtx_unlock_invalid_parameter_noinfo_noreturn$CloseFileHandleOpenPrinterWrite
                                                                              • String ID: ,$C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp$OpenPrinterW ('{}', {:#x} -> {:#x}, NULL) -> {}$monitor_readport {:#x}, {:#x}, {}, {:#x}$no file handle to write$port object {:#x} is not present in the list
                                                                              • API String ID: 2124777539-1360970229
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Name::operator+$Replicator::operator[]
                                                                              • String ID: `anonymous namespace'
                                                                              • API String ID: 3863519203-3062148218
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_addport '{}', {:#x}, '{}'$system
                                                                              • API String ID: 73155330-3963725590
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$CloseOpenValue
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't open registry key 'HKLM\{}'$couldn't set 'name' value for key$name$set 'name' value to '{}'
                                                                              • API String ID: 31251203-231907547
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Event$CloseHandle$Create$CurrentObjectOpenProcessResetSingleWait
                                                                              • String ID: e-flag
                                                                              • API String ID: 354184465-538632313
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Name::operator+
                                                                              • String ID:
                                                                              • API String ID: 2943138195-0
                                                                              • Opcode ID: b39d1213a9eb440df052bc55e7b3a4a8f23788f98588c313a4ec68cea227d173
                                                                              • Instruction ID: ae9f1f5bfc143d839eb88a02426711898444ea737d363369bb3e70616e76b07f
                                                                              • Opcode Fuzzy Hash: b39d1213a9eb440df052bc55e7b3a4a8f23788f98588c313a4ec68cea227d173
                                                                              • Instruction Fuzzy Hash: 76F16976B08A869AE710DF64D8911FC37B9FB0474CB444036DE4EA7ABADE38D959C340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: NameName::$Name::operator+
                                                                              • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                                                              • API String ID: 826178784-2441609178
                                                                              • Opcode ID: 50959655bfd714af9298605542fdc944d11e2181312bdffe6824512e5a51554b
                                                                              • Instruction ID: 453748f736e7fcb058c0c8d2288947fcaf700dcb478ba18277ab8cfecf13d25c
                                                                              • Opcode Fuzzy Hash: 50959655bfd714af9298605542fdc944d11e2181312bdffe6824512e5a51554b
                                                                              • Instruction Fuzzy Hash: 9BF16B2AF0864394FB189B79CD991BC37A8BF15748F450136CE0FA7AB6DE3CA9448341
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                                • Part of subcall function 00007FFE0BF00460: GetTempPathW.KERNEL32 ref: 00007FFE0BF004AA
                                                                                • Part of subcall function 00007FFE0BF00460: GetLastError.KERNEL32 ref: 00007FFE0BF004B4
                                                                                • Part of subcall function 00007FFE0BF00460: WideCharToMultiByte.KERNEL32 ref: 00007FFE0BF00533
                                                                                • Part of subcall function 00007FFE0BF00460: WideCharToMultiByte.KERNEL32 ref: 00007FFE0BF0056C
                                                                                • Part of subcall function 00007FFE0BF002F0: WideCharToMultiByte.KERNEL32 ref: 00007FFE0BF003C0
                                                                                • Part of subcall function 00007FFE0BF002F0: WideCharToMultiByte.KERNEL32 ref: 00007FFE0BF003F9
                                                                                • Part of subcall function 00007FFE0BF002F0: CoTaskMemFree.OLE32 ref: 00007FFE0BF00407
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE0BEFB064
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE0BEFB06A
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE0BEFB070
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$_invalid_parameter_noinfo_noreturn$ErrorFreeLastPathTaskTemp
                                                                              • String ID: $C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't create ProgramData dir '{}'$couldn't create Wildix dir '{}'$couldn't create printing dir '{}'$error${}\FaxPrinter${}\Wildix
                                                                              • API String ID: 4053574115-744896386
                                                                              • Opcode ID: 507589a20b7b51a6781f7fffe40dd1ac840723e42d6957fc781b9ddcfd6bee6c
                                                                              • Instruction ID: cc1af6d22e07a32619d5e378f142ec0c6d1bac4166abf061c74196b9f9e001b3
                                                                              • Opcode Fuzzy Hash: 507589a20b7b51a6781f7fffe40dd1ac840723e42d6957fc781b9ddcfd6bee6c
                                                                              • Instruction Fuzzy Hash: 1CC18522918BC681EB108B24F8413AEB361FB95794F505231EADE57BBADF7CD185C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF819D7
                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF819EC
                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF81A0D
                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF81A3A
                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF81A4B
                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF81A5C
                                                                              • SetLastError.KERNEL32(?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF,?,?,00000000,00007FFE0BF8903B), ref: 00007FFE0BF81A77
                                                                              • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF), ref: 00007FFE0BF81AAD
                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF), ref: 00007FFE0BF81ACC
                                                                                • Part of subcall function 00007FFE0BF835E4: RtlAllocateHeap.NTDLL(?,?,00000000,00007FFE0BF81BA2,?,?,000097C86473018E,00007FFE0BF75325,?,?,?,?,00007FFE0BF88E42,?,?,00000000), ref: 00007FFE0BF83639
                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF), ref: 00007FFE0BF81AF4
                                                                                • Part of subcall function 00007FFE0BF835A8: HeapFree.KERNEL32(?,?,00007FFE0BF80D47,00007FFE0BF8E3BE,?,?,?,00007FFE0BF8E73B,?,?,00000000,00007FFE0BF8D86D,?,?,?,00007FFE0BF8D79F), ref: 00007FFE0BF835BE
                                                                                • Part of subcall function 00007FFE0BF835A8: GetLastError.KERNEL32(?,?,00007FFE0BF80D47,00007FFE0BF8E3BE,?,?,?,00007FFE0BF8E73B,?,?,00000000,00007FFE0BF8D86D,?,?,?,00007FFE0BF8D79F), ref: 00007FFE0BF835C8
                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF), ref: 00007FFE0BF81B05
                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FFE0BF8D95B,?,?,?,00007FFE0BF87AE4,?,?,?,00007FFE0BF73BFF), ref: 00007FFE0BF81B16
                                                                              Similarity
                                                                              • API ID: Value$ErrorLast$Heap$AllocateFree
                                                                              • String ID:
                                                                              • API String ID: 3174826731-0
                                                                              • Opcode ID: 9f986b2c2babc8c6baf5a1e2f0cfb885a60a816582fc397bfec261105259dda2
                                                                              • Instruction ID: 3e3be0283b58efee0e82373e5359075eef034c02ff590da041dacdd1048d7196
                                                                              • Opcode Fuzzy Hash: 9f986b2c2babc8c6baf5a1e2f0cfb885a60a816582fc397bfec261105259dda2
                                                                              • Instruction Fuzzy Hash: 9C413250A0D24342FB68A725AD5617972527F48BB0F545734E93FDB6F6EE2CF5828200
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE0BEFA8B4
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE0BEFA8BA
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE0BEFA8FE
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE0BEFA904
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE0BEFA90A
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE0BEFA910
                                                                                • Part of subcall function 00007FFE0BF006C0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FFE0BEFB457), ref: 00007FFE0BF0071F
                                                                                • Part of subcall function 00007FFE0BF006C0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FFE0BEFB457), ref: 00007FFE0BF007BB
                                                                                • Part of subcall function 00007FFE0BF006C0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FFE0BEFB457), ref: 00007FFE0BF007E8
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$ByteCharMultiWide
                                                                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$port level {} is invalid
                                                                              • API String ID: 469901203-1756580397
                                                                              • Opcode ID: fd944c9436511d06c7a68dd4003d01c516a86bc7e4e2ba5b00a217ea0b03a0a8
                                                                              • Instruction ID: 826f602ef99a4f53baaa09b80c69e238fdf0ae3c0199ea67bbf9cc666e2d2b8c
                                                                              • Opcode Fuzzy Hash: fd944c9436511d06c7a68dd4003d01c516a86bc7e4e2ba5b00a217ea0b03a0a8
                                                                              • Instruction Fuzzy Hash: 1DC1A462B24A4686FB10DF68D8443AC3372FB44794F506631DA5EA76F9EF78D546C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Replicator::operator[]
                                                                              • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                              • API String ID: 3676697650-3207858774
                                                                              • Opcode ID: eb5dfb772da872b64948b165cb24fca11ce0200a5d144be3d9230e14ebc015cb
                                                                              • Instruction ID: 3e168c6d8e81b73e6d880c8f3b9ef275e381c67585f7b83666c8acdd2d4929db
                                                                              • Opcode Fuzzy Hash: eb5dfb772da872b64948b165cb24fca11ce0200a5d144be3d9230e14ebc015cb
                                                                              • Instruction Fuzzy Hash: B4819A3AB18A8B89FB149F24D8512B837A9BB54748F884132DE4E876B5DF3CE945C340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Name::operator+
                                                                              • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                              • API String ID: 2943138195-1464470183
                                                                              • Opcode ID: bff51682b923a1e294718221f69f26260e8471e5ac19c70d511da750f82a0ba4
                                                                              • Instruction ID: 788ca2d844d84d3499328a9d892fdd6db3331b1d0fea205106d8a5ef91ca8fda
                                                                              • Opcode Fuzzy Hash: bff51682b923a1e294718221f69f26260e8471e5ac19c70d511da750f82a0ba4
                                                                              • Instruction Fuzzy Hash: B5514572F18A6689FB14CB64EC841BC37B8BB04348F541139DE0EA7AB9DF39A9558700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: Name::operator+
                                                                              • String ID:
                                                                              • API String ID: 2943138195-0
                                                                              • Opcode ID: 30f001fca32f8e22a9feccce9067a947ce43097018333a86e4c8c6b46ee35f3e
                                                                              • Instruction ID: bfc1e0103f889d4139dd161bb66832bd55511bdccf17c7b08921e53ec746a389
                                                                              • Opcode Fuzzy Hash: 30f001fca32f8e22a9feccce9067a947ce43097018333a86e4c8c6b46ee35f3e
                                                                              • Instruction Fuzzy Hash: 94616C62B14B5698FB10DBA0DC811EC37B9BB44788F44543ADE0EABAB9EF78D545C340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              • bad allocation, xrefs: 00007FFE0BF5EBCB
                                                                              • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\exception\include\boost/exception/detail/exception_ptr.hpp, xrefs: 00007FFE0BF5ED33
                                                                              • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void), xrefs: 00007FFE0BF5ED28
                                                                              Similarity
                                                                              • API ID: __std_exception_copy__std_exception_destroy$Init_thread_footer
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\exception\include\boost/exception/detail/exception_ptr.hpp$bad allocation$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void)
                                                                              • API String ID: 3914267585-177984870
                                                                              • Opcode ID: fea7039d48a16f84df0a5c246a0f75cc0ec4525d1e244182bbc694b7f0aac2ba
                                                                              • Instruction ID: d5c980809c28f3a5df2bea99d60135f81680ca55e55194acb5fc784d121d76e1
                                                                              • Opcode Fuzzy Hash: fea7039d48a16f84df0a5c246a0f75cc0ec4525d1e244182bbc694b7f0aac2ba
                                                                              • Instruction Fuzzy Hash: 27F12736B09B458AEB10CF65E8902AD73B5FB88B48B054136DE4E97B78EF38D655C340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void), xrefs: 00007FFE0BF5F218
                                                                              • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\exception\include\boost/exception/detail/exception_ptr.hpp, xrefs: 00007FFE0BF5F223
                                                                              • bad exception, xrefs: 00007FFE0BF5F0BB
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: __std_exception_copy__std_exception_destroy$Init_thread_footer
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\exception\include\boost/exception/detail/exception_ptr.hpp$bad exception$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)
                                                                              • API String ID: 3914267585-2007977368
                                                                              • Opcode ID: c3a4f8ecce60b9f5eb939b62528f3d2332f7ddbef0145c8c3d633bb9faf94b97
                                                                              • Instruction ID: d68fb9ee27b63e79cdf9d5bfc537b3d6e93d67efc783efb3e15b0ff2a45097d3
                                                                              • Opcode Fuzzy Hash: c3a4f8ecce60b9f5eb939b62528f3d2332f7ddbef0145c8c3d633bb9faf94b97
                                                                              • Instruction Fuzzy Hash: 8BF12736B09B458AEB10CF65E8802AD73B5FB88B48B054536DE4E93B78EF38E555C740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Name::operator+
                                                                              • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                              • API String ID: 2943138195-2239912363
                                                                              • Opcode ID: afe0ffeb56c262848d721f9b06f82b5fd4e90291abbc621942f29b19f2ff9138
                                                                              • Instruction ID: b2e41ec4b1c5879b2988d024b2ef4b493d6e4e760b529d730c65e735ec90c19a
                                                                              • Opcode Fuzzy Hash: afe0ffeb56c262848d721f9b06f82b5fd4e90291abbc621942f29b19f2ff9138
                                                                              • Instruction Fuzzy Hash: 5F511862E18B9699FB118B64DC412BD77B8FB48748F444136DE8E93AB9DF3CA184C710
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFE0BF2BB40
                                                                              • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFE0BF2BAFF
                                                                              • :AM:am:PM:pm, xrefs: 00007FFE0BF2BB5E
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Maklocstr$Yarn
                                                                              • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                              • API String ID: 3000050306-35662545
                                                                              • Opcode ID: 043d8c8dbdccdc31edd4451736137fd4944aa671c029841ddc14928f43825f10
                                                                              • Instruction ID: 941fdbf1cb22299056b24a9459ab48c7eb89e21eac2ad4ab8928159d97ae774e
                                                                              • Opcode Fuzzy Hash: 043d8c8dbdccdc31edd4451736137fd4944aa671c029841ddc14928f43825f10
                                                                              • Instruction Fuzzy Hash: B3213E66A08B8685EB10DF22D8402E977A5FB99B80F498235DE5E83776DF3CE541C740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              • :AM:am:PM:pm, xrefs: 00007FFE0BF2BC42
                                                                              • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFE0BF2BC32
                                                                              • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFE0BF2BBF6
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Maklocwcsstd::_$Yarn
                                                                              • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                              • API String ID: 1194159078-3743323925
                                                                              • Opcode ID: 3ebec83a3551bdcdc76b1dd3e4fbc74a91f3be1accb92f4614d00804df2fdd61
                                                                              • Instruction ID: be78f5cb8cb98655a0aa44645c7f9e625ba62a5ac00c6b55ec559e6504f10871
                                                                              • Opcode Fuzzy Hash: 3ebec83a3551bdcdc76b1dd3e4fbc74a91f3be1accb92f4614d00804df2fdd61
                                                                              • Instruction Fuzzy Hash: E5211022A09B4286EA10DF25E9513A977A0FB94B80F445135EA5E83776EF3CE544C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$HandleModule
                                                                              • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                              • API String ID: 667068680-1247241052
                                                                              • Opcode ID: 24ef0a13b2b71fb77e4f14e7101441ab91dd52ec8659cc3e364eb840c4570d0f
                                                                              • Instruction ID: 210bf37804e06b5ec0c0c73e90bf0c62a5a352d65f67238ce876832f91e36906
                                                                              • Opcode Fuzzy Hash: 24ef0a13b2b71fb77e4f14e7101441ab91dd52ec8659cc3e364eb840c4570d0f
                                                                              • Instruction Fuzzy Hash: CDF07F68A19B0B91EA049B59BC592B033A6BF48B51B841135C84FC7334EE3CA1A98304
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: !%x$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                              • API String ID: 0-83798936
                                                                              • Opcode ID: bb8d145fc2bebedc0cad224c93b7a818d79f4991684f33c0da2d7f39dbe8b809
                                                                              • Instruction ID: 3b6cd631ed63dab726535cb19cc09b5561b1ea4dc464406ad1e7c24dbbe877c5
                                                                              • Opcode Fuzzy Hash: bb8d145fc2bebedc0cad224c93b7a818d79f4991684f33c0da2d7f39dbe8b809
                                                                              • Instruction Fuzzy Hash: CF026E22F19A858AEB118FB9D8503AC77B1FB58B98F544231DE4E937B9DE38D485C340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                              • String ID: boost::thread_resource_error
                                                                              • API String ID: 1944019136-52533987
                                                                              • Opcode ID: 0d5949b988f0c4e8975e7d5b9bfcef6d562a1dfdcfb7c5efc2a82b02e6de393e
                                                                              • Instruction ID: fff4b36c8dcb66a7148aac7b0d9870b389ac25e77deda7b0c34acbca91e001b0
                                                                              • Opcode Fuzzy Hash: 0d5949b988f0c4e8975e7d5b9bfcef6d562a1dfdcfb7c5efc2a82b02e6de393e
                                                                              • Instruction Fuzzy Hash: 55917E62E18B8594FB00CBB5D8503AC3322FB597A8F509231DE6D976B9EF38A595C340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FreeLibrary.KERNEL32(?,?,00000000,00007FFE0BF84078,?,?,?,?,00007FFE0BF7CFEE), ref: 00007FFE0BF8388C
                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FFE0BF84078,?,?,?,?,00007FFE0BF7CFEE), ref: 00007FFE0BF83898
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: AddressFreeLibraryProc
                                                                              • String ID: api-ms-$ext-ms-
                                                                              • API String ID: 3013587201-537541572
                                                                              • Opcode ID: 406051a2592b956789926d0e03c2a6cb936b63ae089444588f7eef2c5ea3ac99
                                                                              • Instruction ID: 24c3a63c0b77f6d694a49494d1c36998df028e8630a6aea33c8919a00d3003e4
                                                                              • Opcode Fuzzy Hash: 406051a2592b956789926d0e03c2a6cb936b63ae089444588f7eef2c5ea3ac99
                                                                              • Instruction Fuzzy Hash: 31418022B19A1281FA169B16AC046793391BF49BE0F499535ED0FDBBB9EF3CE445C304
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc
                                                                              • String ID: Genu$GetEnabledExtendedFeatures$ineI$kernel32.dll$ntel
                                                                              • API String ID: 1646373207-3700478490
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo
                                                                              • String ID: f$p$p
                                                                              • API String ID: 3215553584-1995029353
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: <>:"/\|?*$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                              • API String ID: 0-185695948
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo
                                                                              • String ID:
                                                                              • API String ID: 3215553584-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                              • String ID: Wildix
                                                                              • API String ID: 1944019136-3768880759
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                              • String ID: bad locale name$false$true
                                                                              • API String ID: 2775327233-1062449267
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Name::operator+
                                                                              • String ID: {for
                                                                              • API String ID: 2943138195-864106941
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: CurrentThread$xtime_get
                                                                              • String ID:
                                                                              • API String ID: 1104475336-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp, xrefs: 00007FFE0BF004D0
                                                                              • couldn't get temp folder path, error {}, xrefs: 00007FFE0BF004BE
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$ErrorLastPathTemp
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp$couldn't get temp folder path, error {}
                                                                              • API String ID: 1406663960-3281116547
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Name::operator+Replicator::operator[]
                                                                              • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                              • API String ID: 1405650943-2211150622
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Name::operator+
                                                                              • String ID: char $int $long $short $unsigned
                                                                              • API String ID: 2943138195-3894466517
                                                                              • Opcode ID: 141c0a0f09cd27b5732f2ebd561887ead484243a038993fc7541bb2f00a37280
                                                                              • Instruction ID: 3a8c8bbb8df758cb5839314d430c3f0938ff3bd9feec968e4498b3c010c29bf5
                                                                              • Opcode Fuzzy Hash: 141c0a0f09cd27b5732f2ebd561887ead484243a038993fc7541bb2f00a37280
                                                                              • Instruction Fuzzy Hash: 8D315672E18A4689F7118B38DC543B837A9BB15748F58A131CE0EA7AB9DF3DE548C740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                              • String ID: CONOUT$
                                                                              • API String ID: 3230265001-3130406586
                                                                              • Opcode ID: b039afb8f07e777026a724c9789f87f27cf03355c8c9bf5fff4410ca7dd34ed2
                                                                              • Instruction ID: 85429464aa7df41407464584d4eb20607a1ed8712cb71272b4d7b94ceafd8c13
                                                                              • Opcode Fuzzy Hash: b039afb8f07e777026a724c9789f87f27cf03355c8c9bf5fff4410ca7dd34ed2
                                                                              • Instruction Fuzzy Hash: 4D115B21A18A4286F7508B56EC5432976A1FB88BE4F044234EA5FC7BB4DF7CD9548748
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: ByteCharMultiStringWide
                                                                              • String ID:
                                                                              • API String ID: 2829165498-0
                                                                              • Opcode ID: 6118fa8085e3669122257fb284799078a74a7ea03473d476fd7d1291ba46dfc7
                                                                              • Instruction ID: 9b8438becbab8c0fa9b4ed691e11f47f58e015ad54dbf522e546dc8ed53274ed
                                                                              • Opcode Fuzzy Hash: 6118fa8085e3669122257fb284799078a74a7ea03473d476fd7d1291ba46dfc7
                                                                              • Instruction Fuzzy Hash: 84817072A0874186EB208F25D84037A77A1FF54BA8F545635EA6E97BF4DF3CD4458B00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: d7ee89805e0ed53243302812a72c61ec43182b1c66d2af2860eeb625812f69d5
                                                                              • Instruction ID: 87e60b6b772efb8a58b51590f246864b21f2c7334278817205051a443bd891d0
                                                                              • Opcode Fuzzy Hash: d7ee89805e0ed53243302812a72c61ec43182b1c66d2af2860eeb625812f69d5
                                                                              • Instruction Fuzzy Hash: D1416625A09A4681EA15AF15EC511B87361FFA4BA4F581531DE1FC77B5DE3CE882C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: b969601a560f35dba9b4972657ffa72566e202d2509f4af65a8760324919a95d
                                                                              • Instruction ID: cfc5a0b64f6abde5b22f23b3e793c5e97854b7edf1732fc24986741d46bdf83d
                                                                              • Opcode Fuzzy Hash: b969601a560f35dba9b4972657ffa72566e202d2509f4af65a8760324919a95d
                                                                              • Instruction Fuzzy Hash: 5A317035A09A4A81EA159B15ED401BD7761FFA4BA0F880532DE3FC77B5DE7CE8868300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: 7672d8b44917d768e51c69c86e71f5f9f1be2aeeecebe14a287d4551a333b578
                                                                              • Instruction ID: aba72212dfc1a4cea0494807ece1147f907d8654ef1b773b9e26fb02afc5ca09
                                                                              • Opcode Fuzzy Hash: 7672d8b44917d768e51c69c86e71f5f9f1be2aeeecebe14a287d4551a333b578
                                                                              • Instruction Fuzzy Hash: AD317035A09A4A81EA159B15ED511BC7361FF64BA0F481232DE2FC77B5DE3CE892C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: d057163cf0e77e876bac29577a5c22d09043a768996d1959bca84baed61bf59b
                                                                              • Instruction ID: f970de52cb2c44f954ad59b36412863e697e8b4743ebb55fc9e13b7d0258a13c
                                                                              • Opcode Fuzzy Hash: d057163cf0e77e876bac29577a5c22d09043a768996d1959bca84baed61bf59b
                                                                              • Instruction Fuzzy Hash: 0631A435A09A4A81EA159B55ED401BD7361FF64BA0F480231DE2FC77B5DE3CE842C310
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: 806bf41120877e85cb8bd4537ce37f0615b569a650b15191b997c9a9a032458c
                                                                              • Instruction ID: 62b2bed9a74e852cd91e6e1cab303a0dfc3820e721d3ab6412fc6aa37143eebe
                                                                              • Opcode Fuzzy Hash: 806bf41120877e85cb8bd4537ce37f0615b569a650b15191b997c9a9a032458c
                                                                              • Instruction Fuzzy Hash: 0431632AA09A4A81FA19EB19DD441797361FF64BA0F580131DE6FC77B9DE3CE8428300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: 62cef737c684c02f76c34dfed10d3ff52166fed3c3c850809a22494ef29eb736
                                                                              • Instruction ID: f34e03a7dcdfc9401d67c11746a52e09f24a053280c03d59ca0e85a874aac8ee
                                                                              • Opcode Fuzzy Hash: 62cef737c684c02f76c34dfed10d3ff52166fed3c3c850809a22494ef29eb736
                                                                              • Instruction Fuzzy Hash: 12318F35A09A4691EA159B65ED501BC7361FFA4BA4F480132DE2F877B5DE3CE882C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: 3ef5d887a69fde8eb79102d68e6dac8fec32c46f6627d78cf0bdcf0ff4dab9d6
                                                                              • Instruction ID: 5191ea2a3b1e8b84bc70f10e44dc1929f71e32f59737c7f9542697e284f9e462
                                                                              • Opcode Fuzzy Hash: 3ef5d887a69fde8eb79102d68e6dac8fec32c46f6627d78cf0bdcf0ff4dab9d6
                                                                              • Instruction Fuzzy Hash: F831862AA09A4681EB159F15DD452B87361FFA5BA4F480131EE6FC77B5DE3CE842C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: bcfa4eb89c8d78ae932ff0094edea61ca0765b0be1aa851a0d634ea377269ddb
                                                                              • Instruction ID: 016889596b9a0620fc4854245b2d13ed5cadc06c6ffe9b25d7af247285ef1dd3
                                                                              • Opcode Fuzzy Hash: bcfa4eb89c8d78ae932ff0094edea61ca0765b0be1aa851a0d634ea377269ddb
                                                                              • Instruction Fuzzy Hash: B031A036A09A4684FA05DB15EC511BCB360FF65BA0F480232DE2F876B5DE7CE842C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: c88c61b737cf5bb7ced29080a09486b97f7a62aa0ee58b3c5a23abf974e645a1
                                                                              • Instruction ID: 4c4bd54471f0cc8d1f12dfed2b25fd48fd2b335fb08df35ddf831c09e5a5c19d
                                                                              • Opcode Fuzzy Hash: c88c61b737cf5bb7ced29080a09486b97f7a62aa0ee58b3c5a23abf974e645a1
                                                                              • Instruction Fuzzy Hash: 8531802AA0DA4681FA159F15ED405B9B361FF64BA0F580131DE6F877B6DE3CE8828700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: 4c49cd235b3d411d937d39b31007a6f21730b6cd7a74e53b0dd6f0d4bb12012f
                                                                              • Instruction ID: 8d28175cf46aa81e12343a85c9d84ecbed9b530ad9a8b5d13b0d2197db930a6a
                                                                              • Opcode Fuzzy Hash: 4c49cd235b3d411d937d39b31007a6f21730b6cd7a74e53b0dd6f0d4bb12012f
                                                                              • Instruction Fuzzy Hash: 1231723AA09A4A81EA159B56ED4417D7361FF64BA4F480131DE2FC77B5DE3CE886C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: 59e0f36cd1ea3a1365760fbb3129df661edbc45c6de00f140661bec03dd7375b
                                                                              • Instruction ID: ebe8664031902c0c1d887393450498d083188c6f93a58d651cb548fd50a5ca60
                                                                              • Opcode Fuzzy Hash: 59e0f36cd1ea3a1365760fbb3129df661edbc45c6de00f140661bec03dd7375b
                                                                              • Instruction Fuzzy Hash: 46316129A09A4A81FA159B55ED501B97361FF64BA4F480131DE2FC77B6DF3CE882C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: ba907c7073d14346145b041efd69a39d511bb92761038cb225760091b9a1808f
                                                                              • Instruction ID: 36f0005c5936677577b7981b6f43cf03fc599e1310542dab45c55a44c2b32344
                                                                              • Opcode Fuzzy Hash: ba907c7073d14346145b041efd69a39d511bb92761038cb225760091b9a1808f
                                                                              • Instruction Fuzzy Hash: 1F318F35A49A8A91FA159B25ED501BD7361FF64BA4F480532DE2F877B5DE3CE8828300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: 2c549df3dd1d75dff04ccf5148f4e2c5653139b2921eee02cb6e4c2fb23f264c
                                                                              • Instruction ID: 028aea382503bd64da387ccb9307dd6d216b2bca1dbadcf1bc25126d70653d2a
                                                                              • Opcode Fuzzy Hash: 2c549df3dd1d75dff04ccf5148f4e2c5653139b2921eee02cb6e4c2fb23f264c
                                                                              • Instruction Fuzzy Hash: CA31B529A49A4685EA169F15ED501B87361FFA4BA0F480232DE6FC77F5DE7CE842C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: 279b704d9cfbdb962c4dd4b25f088a962e75d6d9dbb0ed7fdeade1e5fd35f517
                                                                              • Instruction ID: 6d1c47ca74f57aedd0d83e1b96a8926731887f8e4d7aa612816c9b3b750589cc
                                                                              • Opcode Fuzzy Hash: 279b704d9cfbdb962c4dd4b25f088a962e75d6d9dbb0ed7fdeade1e5fd35f517
                                                                              • Instruction Fuzzy Hash: 99319229A09A4A91EA159F15ED411B87361FFA4BA4F481131DE2F877B5DF7CF8468300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: 7bf6bee0a8ace7a32e6d1451ecca0b184075597f264134e24b7339206321fafa
                                                                              • Instruction ID: 377610a88371afdb426102525d436ec08f58d7743fc0a3bb1aa8de26411103d5
                                                                              • Opcode Fuzzy Hash: 7bf6bee0a8ace7a32e6d1451ecca0b184075597f264134e24b7339206321fafa
                                                                              • Instruction Fuzzy Hash: 04318F35E09A4681EA159B15ED411BC7761FFA4BA4F481632DE6F877B5DE3CE8828300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: e35305ec90654eb47726e3b85a58bb825aa7002e0b9538b083ae27a92fc5c895
                                                                              • Instruction ID: 8ff8cd778b7563091f82ebbfe563f6f8b1876f654e5c4125b32a580e92c47030
                                                                              • Opcode Fuzzy Hash: e35305ec90654eb47726e3b85a58bb825aa7002e0b9538b083ae27a92fc5c895
                                                                              • Instruction Fuzzy Hash: C931E129A09A4A85EA159F16ED451B87720FF64BA4F481132DE2FC73F5DF7CE8428700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: 4af66db5b1cecd3f8a91385732624d400cc82c39c12d8efa0fbd69fc4e7b47a4
                                                                              • Instruction ID: 24957845828aa72a36329f006de1198c4aaea9a074bbb1258ced30bcb40790b9
                                                                              • Opcode Fuzzy Hash: 4af66db5b1cecd3f8a91385732624d400cc82c39c12d8efa0fbd69fc4e7b47a4
                                                                              • Instruction Fuzzy Hash: 31317036A09A4681EA159B15ED4017C7761FFA4BA4F481532DE2F877B5DF7CE882C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: e4cbb2f31d677ac33a76b42f9c7747aadeb6aa6ced1be8196a58d91036f38f7f
                                                                              • Instruction ID: 18ffc498e1fe3ef852e29468acd6c08fe0749efa13382ec6a9cc955361b5cc18
                                                                              • Opcode Fuzzy Hash: e4cbb2f31d677ac33a76b42f9c7747aadeb6aa6ced1be8196a58d91036f38f7f
                                                                              • Instruction Fuzzy Hash: 56319029E09A4A91FA159F15DD401B97361FF64BA0F480631DE2F877B5DE3CE8828300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: a6ae364fc2a4e44635426fe8e06a9a19d2e54377d17fa1836d834ccdf47059d0
                                                                              • Instruction ID: 6bacac2fb05fb996a5144c087b50a071a59a6c7a0c22e4121794228f99808fb3
                                                                              • Opcode Fuzzy Hash: a6ae364fc2a4e44635426fe8e06a9a19d2e54377d17fa1836d834ccdf47059d0
                                                                              • Instruction Fuzzy Hash: BB316E36A09A4691EA15AB55ED441BD7361FFA4BA0F480131DE2FC76B5DF3CE882C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: 6cd04df289ad89e23516b0d557bce46929b717c0bfc776ac7b52bf54662687bd
                                                                              • Instruction ID: a5925228b1f27dda3e7f1b6225059f0a5a5be8f3935fd7aaa63d148562db1ef2
                                                                              • Opcode Fuzzy Hash: 6cd04df289ad89e23516b0d557bce46929b717c0bfc776ac7b52bf54662687bd
                                                                              • Instruction Fuzzy Hash: 5F314D22E1AA4681FA15AB55ED411B97361FF54BA0F480232DF1E877B9DE3CF8828300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: d3346a5a18df91a7cc4ceef21a3e73edc5d346a9d521d23ffb4e2da158f0b3e3
                                                                              • Instruction ID: e9db2c7c73c2f353ad6ecfa56a36ba13ff26eb5745afc59158e076132d1861cc
                                                                              • Opcode Fuzzy Hash: d3346a5a18df91a7cc4ceef21a3e73edc5d346a9d521d23ffb4e2da158f0b3e3
                                                                              • Instruction Fuzzy Hash: B8319E21E19A4A86EA15AF65ED441B97361FF54BA0F580532DE1E973F9DE3CF882C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: ba8876aa3346ae9c75539d70029f14eededd9cbc27ddee5232561dd766709d84
                                                                              • Instruction ID: d4eccd8230277d32c024bb4855a5f30ba5cf97c607712384618c8ba64e573e12
                                                                              • Opcode Fuzzy Hash: ba8876aa3346ae9c75539d70029f14eededd9cbc27ddee5232561dd766709d84
                                                                              • Instruction Fuzzy Hash: 14316122A49A4681EE159B15DD401B97761FF94BE0F582932DE1F8B7B9DE3CF882C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,000097C86473018E,00007FFE0BF75325,?,?,?,?,00007FFE0BF88E42,?,?,00000000,00007FFE0BF8D477,?,?,?), ref: 00007FFE0BF81B4F
                                                                              • FlsSetValue.KERNEL32(?,?,000097C86473018E,00007FFE0BF75325,?,?,?,?,00007FFE0BF88E42,?,?,00000000,00007FFE0BF8D477,?,?,?), ref: 00007FFE0BF81B85
                                                                              • FlsSetValue.KERNEL32(?,?,000097C86473018E,00007FFE0BF75325,?,?,?,?,00007FFE0BF88E42,?,?,00000000,00007FFE0BF8D477,?,?,?), ref: 00007FFE0BF81BB2
                                                                              • FlsSetValue.KERNEL32(?,?,000097C86473018E,00007FFE0BF75325,?,?,?,?,00007FFE0BF88E42,?,?,00000000,00007FFE0BF8D477,?,?,?), ref: 00007FFE0BF81BC3
                                                                              • FlsSetValue.KERNEL32(?,?,000097C86473018E,00007FFE0BF75325,?,?,?,?,00007FFE0BF88E42,?,?,00000000,00007FFE0BF8D477,?,?,?), ref: 00007FFE0BF81BD4
                                                                              • SetLastError.KERNEL32(?,?,000097C86473018E,00007FFE0BF75325,?,?,?,?,00007FFE0BF88E42,?,?,00000000,00007FFE0BF8D477,?,?,?), ref: 00007FFE0BF81BEF
                                                                              Similarity
                                                                              • API ID: Value$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 2506987500-0
                                                                              • Opcode ID: 532e045ba80960950bff713ef78baf97d441b74d16cf58d811c8e3bba1bbf227
                                                                              • Instruction ID: 7a3b584474328a71c9a8f047ceffea836647179f22198662aa74f43ddce031a6
                                                                              • Opcode Fuzzy Hash: 532e045ba80960950bff713ef78baf97d441b74d16cf58d811c8e3bba1bbf227
                                                                              • Instruction Fuzzy Hash: 76113060B0D24642FA685735AE5217972527F48FB0F040734E83FDB6F6EE2CF5428604
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$Init_thread_footer
                                                                              • String ID: <>:"/\|?*
                                                                              • API String ID: 3356721665-3841475095
                                                                              • Opcode ID: 425ff8c6f6252e8f4b37f4b97e46b64ab65e4ab4258a9e15a63a3a7a053d55ec
                                                                              • Instruction ID: 8cf0689eee97d5dbe3d8afdc973bc0d834c5a543d586de146b24747e4184f67a
                                                                              • Opcode Fuzzy Hash: 425ff8c6f6252e8f4b37f4b97e46b64ab65e4ab4258a9e15a63a3a7a053d55ec
                                                                              • Instruction Fuzzy Hash: E3B18262A2878A85FB148F25DD143B93361FB457A4F505235DA6E9BBF9DF3CE4828300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: at $std:$system
                                                                              • API String ID: 3668304517-2505448101
                                                                              • Opcode ID: 5f7cc786e631b0e74e9e1bd026284c0d3efcec02e65685e72cdc65300af50fc4
                                                                              • Instruction ID: ef2f1ceda4557cce8157c1fec9e91141dd57daf69c418ce691f850b7a6557d76
                                                                              • Opcode Fuzzy Hash: 5f7cc786e631b0e74e9e1bd026284c0d3efcec02e65685e72cdc65300af50fc4
                                                                              • Instruction Fuzzy Hash: 1AB17A62B18B5589EB14CB66E8442AD7761FB49B94F108A31DF6EA3BF5DF38E141C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                              • String ID: ,$false$true
                                                                              • API String ID: 1173176844-760133229
                                                                              • Opcode ID: f61bbf55d3453621d0321d380b774bceaaaf36c9cfa69baeb5aec0e634acf0e4
                                                                              • Instruction ID: ac08256d6e5c6f8d24287503311083f0c8e415fa4c5ee0cb12d72847a8221bb1
                                                                              • Opcode Fuzzy Hash: f61bbf55d3453621d0321d380b774bceaaaf36c9cfa69baeb5aec0e634acf0e4
                                                                              • Instruction Fuzzy Hash: 6181AD22B19B5685E750CF61E8402AE73A8FF58788F405132EE5E93B79EF38D546C740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Name::operator+
                                                                              • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                              • API String ID: 2943138195-757766384
                                                                              • Opcode ID: 7d1cbcb50031b8f9528458c79e85923f490d0d7662a0d172dfdf8c9dbfcfd909
                                                                              • Instruction ID: 9da42ca66302ca883cc31d08f4fc361f5b199ed7d6e2bbeef3734e6cb7e1a551
                                                                              • Opcode Fuzzy Hash: 7d1cbcb50031b8f9528458c79e85923f490d0d7662a0d172dfdf8c9dbfcfd909
                                                                              • Instruction Fuzzy Hash: EA713776E08A4794E7148F69DD521B877A8BB05784F844635CE8ED7ABADF3CE1A08300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                              • String ID: bad locale name
                                                                              • API String ID: 2967684691-1405518554
                                                                              • Opcode ID: 7029a183b29259f5d080046cc94de290224643f9a4acbfe1ceb21dc97ffa4660
                                                                              • Instruction ID: 2fb615488dbb9b2f27435f456dd296d41b9322461935dfb033eb29fa912b3a58
                                                                              • Opcode Fuzzy Hash: 7029a183b29259f5d080046cc94de290224643f9a4acbfe1ceb21dc97ffa4660
                                                                              • Instruction Fuzzy Hash: 17515C22B19B42C9EB11DFA0D8503AD33A5BF40B88F545534DE4EA7AB9DF38E9168350
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Concurrency::cancel_current_taskLockitstd::_$Lockit::_Lockit::~_
                                                                              • String ID: bad locale name
                                                                              • API String ID: 2927694129-1405518554
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Maklocstr$Getvals
                                                                              • String ID: false$true
                                                                              • API String ID: 3025811523-2658103896
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp, xrefs: 00007FFE0BF00368
                                                                              • couldn't get special folder, error {}, xrefs: 00007FFE0BF0035C
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$FreeTask
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp$couldn't get special folder, error {}
                                                                              • API String ID: 1807027773-2224659992
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: __std_exception_copy$_invalid_parameter_noinfo_noreturn
                                                                              • String ID: "$/
                                                                              • API String ID: 946306463-2662438755
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: __std_exception_copy$_invalid_parameter_noinfo_noreturn
                                                                              • String ID: ($/
                                                                              • API String ID: 946306463-2468745909
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: NameName::
                                                                              • String ID: `template-parameter$void
                                                                              • API String ID: 1333004437-4057429177
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                              • String ID: &$..9999$/
                                                                              • API String ID: 1109970293-2119091122
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _set_statfp
                                                                              • String ID:
                                                                              • API String ID: 1156100317-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFE0BF11AD5), ref: 00007FFE0BF11257
                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFE0BF11AD5), ref: 00007FFE0BF11299
                                                                              • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFE0BF113F1
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE0BF1141D
                                                                              Similarity
                                                                              • API ID: ByteCharFormatFreeLocalMessageMultiWide_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 981250203-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 143101810-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: NameName::$Name::operator+
                                                                              • String ID:
                                                                              • API String ID: 826178784-0
                                                                              • Opcode ID: 9cc5fa096e5a0a8fddfadafd10dc89e0a5e8996c5e5224a87b09b245d29a3d37
                                                                              • Instruction ID: ccfd24c7d080714e4297361baf2a5e4c142059157d9e044860d2efaf7bd35123
                                                                              • Opcode Fuzzy Hash: 9cc5fa096e5a0a8fddfadafd10dc89e0a5e8996c5e5224a87b09b245d29a3d37
                                                                              • Instruction Fuzzy Hash: EF416A36A48B9794EB10DF60DD911B837B8BB55B84B984032DE4EA37B5DF39E855C300
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: _set_statfp
                                                                              • String ID:
                                                                              • API String ID: 1156100317-0
                                                                              • Opcode ID: 6e4f390f8d976f999aef89e1ebd30f2423b3d155eab78d2d27cfc50b49dd385e
                                                                              • Instruction ID: d294cc0ce08b6064389b5b480d5160a900a5ae04a75556a2a99a863b54c614de
                                                                              • Opcode Fuzzy Hash: 6e4f390f8d976f999aef89e1ebd30f2423b3d155eab78d2d27cfc50b49dd385e
                                                                              • Instruction Fuzzy Hash: 8C119122E1CB0715F6A92169ED52375304B7F94370F184A34EA7FE72FA8E7CBA408100
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FFE0BF6F1A3,?,?,00000000,00007FFE0BF6F43E,?,?,?,?,?,00007FFE0BF6F3CA), ref: 00007FFE0BF81C27
                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFE0BF6F1A3,?,?,00000000,00007FFE0BF6F43E,?,?,?,?,?,00007FFE0BF6F3CA), ref: 00007FFE0BF81C46
                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFE0BF6F1A3,?,?,00000000,00007FFE0BF6F43E,?,?,?,?,?,00007FFE0BF6F3CA), ref: 00007FFE0BF81C6E
                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFE0BF6F1A3,?,?,00000000,00007FFE0BF6F43E,?,?,?,?,?,00007FFE0BF6F3CA), ref: 00007FFE0BF81C7F
                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFE0BF6F1A3,?,?,00000000,00007FFE0BF6F43E,?,?,?,?,?,00007FFE0BF6F3CA), ref: 00007FFE0BF81C90
                                                                              Similarity
                                                                              • API ID: Value
                                                                              • String ID:
                                                                              • API String ID: 3702945584-0
                                                                              • Opcode ID: a9de4d5a89b7d759bb7e71e166243091c1312fd6e4776bea478b732aa5403c6a
                                                                              • Instruction ID: 74ccdfd05992c5024ef4751c2eae0fba04211acb6737f485cb7a7fc9d8a9e7b3
                                                                              • Opcode Fuzzy Hash: a9de4d5a89b7d759bb7e71e166243091c1312fd6e4776bea478b732aa5403c6a
                                                                              • Instruction Fuzzy Hash: 26114F90F0C64241FA689326AE521B972417F497B0F445734E83FDB6F6DE2CF9828604
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_deleteport '{}', {:#x}, '{}'$system
                                                                              • API String ID: 3668304517-2267907852
                                                                              • Opcode ID: eae48cf29b154a8592d0c7e870acd674272bc2775f49a9c542b8e1c76fec63b2
                                                                              • Instruction ID: 3792cafd49c8043b17cea73d9488ec5f2d1ebc005b886163c31c72c18a1f2098
                                                                              • Opcode Fuzzy Hash: eae48cf29b154a8592d0c7e870acd674272bc2775f49a9c542b8e1c76fec63b2
                                                                              • Instruction Fuzzy Hash: 1991A462A287C641FE109729E8053AE7352FB857A0F504331DAAE97BFADF6CD0818704
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_addport '{}', {:#x}, '{}'$system
                                                                              • API String ID: 3668304517-3963725590
                                                                              • Opcode ID: 8aa18e938cf472b62834a2e085f09551e528f040edcc30cd9f31e5b5f81ea4c4
                                                                              • Instruction ID: 69aca7dcb256cf30770a7decd51ea5e56fc8301a981b4ccf998efde05e472142
                                                                              • Opcode Fuzzy Hash: 8aa18e938cf472b62834a2e085f09551e528f040edcc30cd9f31e5b5f81ea4c4
                                                                              • Instruction Fuzzy Hash: 9091A562A286C641FE109769E8443AE7351FB857E0F504331EAAE97BF9DF7CE0818704
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_startdocport {:#x}, '{}', {}, {}, {:#x}$system
                                                                              • API String ID: 3668304517-1475283317
                                                                              • Opcode ID: 76c460a9afa0cc84317f676c04e65e17221c405f5b9c470ac1301285a90bad35
                                                                              • Instruction ID: 52fe09d6e74d8a3e41a24456e1464f371afa4b5f8e9f8a7c3e19da1e99da1d61
                                                                              • Opcode Fuzzy Hash: 76c460a9afa0cc84317f676c04e65e17221c405f5b9c470ac1301285a90bad35
                                                                              • Instruction Fuzzy Hash: B881A762A187C541FA209B65E8453AE7361FB857E0F504232EAAE97BF6DF7CD081C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: {}{}${}{}{}
                                                                              • API String ID: 3668304517-2846689003
                                                                              • Opcode ID: 605c9f5ada0807124158fb0926c69c7b119217b8a05b6c25ed5db52c39d8ae91
                                                                              • Instruction ID: 42d6fa663cc269047e8a3fc932f4efc7168ec7bacd1d33751ab442efec9744a8
                                                                              • Opcode Fuzzy Hash: 605c9f5ada0807124158fb0926c69c7b119217b8a05b6c25ed5db52c39d8ae91
                                                                              • Instruction Fuzzy Hash: 8F917D62F15B8689FB00CF64D8503AC3372F758788F509235DA8D62AAAEF78D595C380
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_configureport '{}', {:#x}, '{}'$system
                                                                              • API String ID: 3668304517-417426335
                                                                              • Opcode ID: 06177713b893120fcbfa3276d465943483b7f79f0ff18dd3b981348bbbef72f3
                                                                              • Instruction ID: 8f6c0ec747ecdb75d930d6ff1edc4202bf49ce2fbb884524ca60e7c2205d3874
                                                                              • Opcode Fuzzy Hash: 06177713b893120fcbfa3276d465943483b7f79f0ff18dd3b981348bbbef72f3
                                                                              • Instruction Fuzzy Hash: 6661B562A287C641FA109729E81536E7351FB857E0F504332E6AE93BFADF6CD481C704
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_writeport {:#x}, {:#x}, {}, {:#x}$system
                                                                              • API String ID: 3668304517-1752104201
                                                                              • Opcode ID: eac8463e31ff1c54e6cfb6f7ecc0aeed53302ce621d241700a9d805c7a311295
                                                                              • Instruction ID: 82af7f46c296973d3eec3d08ddfd9b7a2c058a5bfe8ac34a48327d1683355e0f
                                                                              • Opcode Fuzzy Hash: eac8463e31ff1c54e6cfb6f7ecc0aeed53302ce621d241700a9d805c7a311295
                                                                              • Instruction Fuzzy Hash: EC51C962A18BC641EB10DB25E8443AE73A1FB857A0F504232EA9E93BF5DF3CD481C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$RunDllCallback {:#x}, {:#x}, {:#x} -> '{}', {}$rundll
                                                                              • API String ID: 3668304517-2948112147
                                                                              • Opcode ID: 6078b8c4dd77ce6d66c6c1896ea99b85126e5ccff0228bcb5cd81ef76553c61a
                                                                              • Instruction ID: 84b1a8a70a7bf9bb374ab00a26ee3b74044351ba8f29a1b6fd8e02f0021d4dc3
                                                                              • Opcode Fuzzy Hash: 6078b8c4dd77ce6d66c6c1896ea99b85126e5ccff0228bcb5cd81ef76553c61a
                                                                              • Instruction Fuzzy Hash: 1451A572A18BC581EA20DB15E8443AE7391FB957A0F504236EAAE93BF5DF7CD485C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                              • String ID: bad locale name
                                                                              • API String ID: 2775327233-1405518554
                                                                              • Opcode ID: c11533c3c598b5b6b3b515016b1e205453fa6f57e2250d478d9c2471dfc0b682
                                                                              • Instruction ID: 1da097899a708c5ac697d4bef5e6c5e7a8c63f0714c36a48f211a3dff56807a5
                                                                              • Opcode Fuzzy Hash: c11533c3c598b5b6b3b515016b1e205453fa6f57e2250d478d9c2471dfc0b682
                                                                              • Instruction Fuzzy Hash: 00415922B0AB4289FB11DFA1E8513BD73A4BF50B88F041834DF5E97AB9DE78D9158314
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_enddocport {:#x}$system
                                                                              • API String ID: 3668304517-283873059
                                                                              • Opcode ID: 976c1a75b707619041d43c11d97302b4ab7be10f048be6034d89fde6a4765e56
                                                                              • Instruction ID: dfe604e221f66c8ffb4a5343b582b9443b08e646458ef2408fd752ccf3a6fb7d
                                                                              • Opcode Fuzzy Hash: 976c1a75b707619041d43c11d97302b4ab7be10f048be6034d89fde6a4765e56
                                                                              • Instruction Fuzzy Hash: 52519762A2C68642FA10DB65E8153AE7361FF857A0F504232E69E97BF5DF7CE4818700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                              • String ID: bad locale name
                                                                              • API String ID: 2775327233-1405518554
                                                                              • Opcode ID: 5e463c2545244d12a723f96a66fd94ba93ce98ef41f201d59d7e9c5ae3672ecd
                                                                              • Instruction ID: 9727e6c0a23daf6ac2eb1dd09fb1facb9a4a1ab1bf15d0d9141f0bee29242955
                                                                              • Opcode Fuzzy Hash: 5e463c2545244d12a723f96a66fd94ba93ce98ef41f201d59d7e9c5ae3672ecd
                                                                              • Instruction Fuzzy Hash: 39412832A1AB4199EB14DF61D8503AD33A4FF44B48F480C35DE4E97AB9DF38D9148318
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                              • String ID: bad locale name
                                                                              • API String ID: 2775327233-1405518554
                                                                              • Opcode ID: 1b82b1395e471fa959045a9c1f68fb3458e4e1554719711f9b0737aeeefb5442
                                                                              • Instruction ID: 5a11c52aabf07249b56407dfd817159b8f924844348a31d3d3746900556a48c9
                                                                              • Opcode Fuzzy Hash: 1b82b1395e471fa959045a9c1f68fb3458e4e1554719711f9b0737aeeefb5442
                                                                              • Instruction Fuzzy Hash: 44414B32A1AB4689EB14DF60DC503EC37A4BF54B88F444834DE4EA7AB9DF38D9118314
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                              • String ID: bad locale name
                                                                              • API String ID: 2775327233-1405518554
                                                                              • Opcode ID: d78744168fa3febd68e6acb945a6f355e63e24ad24036104797d8588ab95d1de
                                                                              • Instruction ID: 3525bb24ec55303accceb2fd58700e1deb7f7e46a29b53c0e60988670862ea54
                                                                              • Opcode Fuzzy Hash: d78744168fa3febd68e6acb945a6f355e63e24ad24036104797d8588ab95d1de
                                                                              • Instruction Fuzzy Hash: 99415C22F5AB4289EB14DFA4D8502EC33A4FF44748F448834DE8E97AB6DF38D9148314
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Maklocwcsstd::_$Getvals
                                                                              • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                              • API String ID: 1848906033-3573081731
                                                                              • Opcode ID: 4945e80a272978650193a0fdc4251e42007728a967e1b1419f4d4f27fd509cfb
                                                                              • Instruction ID: 104798ec6bbbf7590114290ff86f32f9871f69cace82d85187771a86145b191f
                                                                              • Opcode Fuzzy Hash: 4945e80a272978650193a0fdc4251e42007728a967e1b1419f4d4f27fd509cfb
                                                                              • Instruction Fuzzy Hash: FF41C272A08B8197E724CF39999056E7BA0FB44B807048135DB9B93E31DFB8F565C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: FileWrite$ConsoleErrorLastOutput
                                                                              • String ID:
                                                                              • API String ID: 2718003287-0
                                                                              • Opcode ID: 133dc55c0e21b742c966297e81b5a33beadd4daa88c52926250c49ccd20dd440
                                                                              • Instruction ID: b451fa98b086bcaa977619c55c78250d0eb4e56543fb691ff7780db5008c60d2
                                                                              • Opcode Fuzzy Hash: 133dc55c0e21b742c966297e81b5a33beadd4daa88c52926250c49ccd20dd440
                                                                              • Instruction Fuzzy Hash: 7ED1D132B18A8289F711CF79D8402AC77B6FB54B98B144236CE5E97BB9DE38D506C740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFE0BF851E3), ref: 00007FFE0BF85314
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFE0BF851E3), ref: 00007FFE0BF8539F
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: ConsoleErrorLastMode
                                                                              • String ID:
                                                                              • API String ID: 953036326-0
                                                                              • Opcode ID: 828b7f52d8a2d9df6e5fa949f133583be639a632029dc99f08393d5885adaad7
                                                                              • Instruction ID: 9593e99c42615c4e43b3d2302f882bf5f7e0b72eacfaea2691e7ba25203b5224
                                                                              • Opcode Fuzzy Hash: 828b7f52d8a2d9df6e5fa949f133583be639a632029dc99f08393d5885adaad7
                                                                              • Instruction Fuzzy Hash: BB91C372E0865286F750CF659C502BD7BA1BB54B88F544139DE0F97AB5DE3CE486C700
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 73155330-0
                                                                              • Opcode ID: 74f12207df7d499e1482457966883e21b5738a2fb94992b729202e373d2c31ae
                                                                              • Instruction ID: 07a95bfd822ec78c75c78a9a79d8e1e301f21fd1dbbc8ed7093b4ae25caf4cde
                                                                              • Opcode Fuzzy Hash: 74f12207df7d499e1482457966883e21b5738a2fb94992b729202e373d2c31ae
                                                                              • Instruction Fuzzy Hash: 9271EE32B1868685EA109B56A94427DB251FB14BE0F544731EF7E87BF6DF3CE4928304
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Name::operator+
                                                                              • String ID:
                                                                              • API String ID: 2943138195-0
                                                                              • Opcode ID: fcda0418a93f4b48c4892e59039bbc35314c9457a69dd79d1b2c6a8e12d19b55
                                                                              • Instruction ID: aafe057abbc5eaf0b84e62c9a143af213bc043142336aeae751995ad407b7765
                                                                              • Opcode Fuzzy Hash: fcda0418a93f4b48c4892e59039bbc35314c9457a69dd79d1b2c6a8e12d19b55
                                                                              • Instruction Fuzzy Hash: 4B918A36E0865B89FB118FA4DC413AC37A9BB04748F548036CE4EA76B9DF7DA845C740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                              • String ID:
                                                                              • API String ID: 1944019136-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FFE0BEFB457), ref: 00007FFE0BF0071F
                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FFE0BEFB457), ref: 00007FFE0BF007BB
                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FFE0BEFB457), ref: 00007FFE0BF007E8
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE0BF0088D
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$_invalid_parameter_noinfo_noreturn
                                                                              • String ID:
                                                                              • API String ID: 1590159271-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: Name::operator+$NameName::
                                                                              • String ID:
                                                                              • API String ID: 168861036-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Similarity
                                                                              • API ID: Name::operator+$Replicator::operator[]
                                                                              • String ID:
                                                                              • API String ID: 3863519203-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FFE0BF543A3,?,?,00000000,?,?,00007FFE0BF5450E,?,?,?,?,?,00007FFE0BF10BFE), ref: 00007FFE0BF58330
                                                                              • SleepConditionVariableSRW.KERNEL32(?,?,?,00007FFE0BF543A3,?,?,00000000,?,?,00007FFE0BF5450E,?,?,?,?,?,00007FFE0BF10BFE), ref: 00007FFE0BF58367
                                                                              • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FFE0BF543A3,?,?,00000000,?,?,00007FFE0BF5450E,?,?,?,?,?,00007FFE0BF10BFE), ref: 00007FFE0BF58382
                                                                              • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FFE0BF543A3,?,?,00000000,?,?,00007FFE0BF5450E,?,?,?,?,?,00007FFE0BF10BFE), ref: 00007FFE0BF5839A
                                                                              Similarity
                                                                              • API ID: ExclusiveLock$Release$AcquireConditionSleepVariable
                                                                              • String ID:
                                                                              • API String ID: 3114648011-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: 0
                                                                              • API String ID: 3668304517-4108050209
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE0BF55702
                                                                                • Part of subcall function 00007FFE0BF04C20: std::_Lockit::_Lockit.LIBCPMT ref: 00007FFE0BF04C35
                                                                                • Part of subcall function 00007FFE0BF04C20: std::_Lockit::_Lockit.LIBCPMT ref: 00007FFE0BF04C5A
                                                                                • Part of subcall function 00007FFE0BF04C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FFE0BF04C84
                                                                                • Part of subcall function 00007FFE0BF04C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FFE0BF04D15
                                                                              Strings
                                                                              • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\code_conversion.cpp, xrefs: 00007FFE0BF558A6
                                                                              • Could not convert character encoding, xrefs: 00007FFE0BF5589A
                                                                              Similarity
                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$_invalid_parameter_noinfo_noreturn
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\code_conversion.cpp$Could not convert character encoding
                                                                              • API String ID: 533778753-1756177606
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp, xrefs: 00007FFE0BEF6673
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp
                                                                              • API String ID: 0-2526021498
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: M
                                                                              • API String ID: 3668304517-2059362058
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: DB
                                                                              • API String ID: 3668304517-1293858882
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                              • String ID: Mt
                                                                              • API String ID: 3668304517-1399232146
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$ErrorLastMtx_unlockPathTemp_invalid_parameter_noinfo_noreturn
                                                                              • String ID: port name cannot be empty
                                                                              • API String ID: 2419482883-1868005089
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                                • Part of subcall function 00007FFE0BF00460: GetTempPathW.KERNEL32 ref: 00007FFE0BF004AA
                                                                                • Part of subcall function 00007FFE0BF00460: GetLastError.KERNEL32 ref: 00007FFE0BF004B4
                                                                                • Part of subcall function 00007FFE0BF00460: WideCharToMultiByte.KERNEL32 ref: 00007FFE0BF00533
                                                                                • Part of subcall function 00007FFE0BF00460: WideCharToMultiByte.KERNEL32 ref: 00007FFE0BF0056C
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE0BEFAC92
                                                                              • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE0BEFAC98
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide_invalid_parameter_noinfo_noreturn$ErrorLastPathTemp
                                                                              • String ID: Wildix FaxPort
                                                                              • API String ID: 1286625825-2810657378
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                              • String ID: bad locale name
                                                                              • API String ID: 593203224-1405518554
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFileLastWrite
                                                                              • String ID: U
                                                                              • API String ID: 442123175-4171548499
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: NameName::
                                                                              • String ID: %lf
                                                                              • API String ID: 1333004437-2891890143
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 00007FFE0BF581CF
                                                                                • Part of subcall function 00007FFE0BF55E10: __std_exception_copy.LIBVCRUNTIME ref: 00007FFE0BF55E3A
                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 00007FFE0BF5827F
                                                                                • Part of subcall function 00007FFE0BF55E80: __std_exception_copy.LIBVCRUNTIME ref: 00007FFE0BF55EAF
                                                                              Strings
                                                                              • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\code_conversion.cpp, xrefs: 00007FFE0BF58223
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: __std_exception_copystd::bad_exception::bad_exception
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\code_conversion.cpp
                                                                              • API String ID: 3754101179-738887669
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Name::operator+
                                                                              • String ID: void$void
                                                                              • API String ID: 2943138195-3746155364
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Mtx_unlock
                                                                              • String ID: ,$port object {:#x} is not present in the list
                                                                              • API String ID: 1418687624-2950792495
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_Yarn
                                                                              • String ID: bad locale name
                                                                              • API String ID: 1838369231-1405518554
                                                                              • Opcode ID: a6def5bc57086b163726a0931fdd04756445cd0118717f0d6f7130d339d2c2e0
                                                                              • Instruction ID: 100916010ad9ec7f4bdd4a4742405c18f1356e45150a0df71a34703b4dff1c60
                                                                              • Opcode Fuzzy Hash: a6def5bc57086b163726a0931fdd04756445cd0118717f0d6f7130d339d2c2e0
                                                                              • Instruction Fuzzy Hash: 3E016D2350AB8189D744DF79A88016C77B5FB68B88B186139DA9DC372EEF38C890C344
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFE0BEF314F), ref: 00007FFE0BF61E20
                                                                              • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFE0BEF314F), ref: 00007FFE0BF61E66
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFileHeaderRaise
                                                                              • String ID: csm
                                                                              • API String ID: 2573137834-1018135373
                                                                              • Opcode ID: 81885f7563f5cbc4e853b031928c0d3fa19fbbd861defef8bb5bbab469655405
                                                                              • Instruction ID: a78db5679485eafd9880dcc23defede2f89304f270ba84d03887ff177b68911d
                                                                              • Opcode Fuzzy Hash: 81885f7563f5cbc4e853b031928c0d3fa19fbbd861defef8bb5bbab469655405
                                                                              • Instruction Fuzzy Hash: 5A115E32618B8182EB608F15F84026977A5FB98B84F585234DF8E57B74DF3CD551CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • TlsAlloc.KERNEL32(?,?,00000000,00007FFE0BF5544A,?,?,00000000,00007FFE0BF554C8,?,?,?,?,?,?,?,00007FFE0BF0B9CE), ref: 00007FFE0BF5A9A9
                                                                              Strings
                                                                              • TLS capacity depleted, xrefs: 00007FFE0BF5A9C5
                                                                              • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\thread_specific.cpp, xrefs: 00007FFE0BF5A9CC
                                                                              Memory Dump Source
                                                                              • Source File: 0000001C.00000002.3514914854.00007FFE0BEF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE0BEF0000, based on PE: true
                                                                              • Associated: 0000001C.00000002.3514855952.00007FFE0BEF0000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515101893.00007FFE0BF9A000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515199638.00007FFE0BFC5000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515259194.00007FFE0BFC7000.00000008.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515309540.00007FFE0BFCA000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 0000001C.00000002.3515367229.00007FFE0BFCD000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_28_2_7ffe0bef0000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Alloc
                                                                              • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\thread_specific.cpp$TLS capacity depleted
                                                                              • API String ID: 2773662609-3276512853
                                                                              • Opcode ID: 42257bb316c38b4434ae9edf39a9874abfcc27e038a4808b61ea6988e3d81818
                                                                              • Instruction ID: bbd8a33091bf0524c473945b1e2ef67f9385d1e8c5ff0b1444cb85a3df8196fc
                                                                              • Opcode Fuzzy Hash: 42257bb316c38b4434ae9edf39a9874abfcc27e038a4808b61ea6988e3d81818
                                                                              • Instruction Fuzzy Hash: 9FE09A79A0850E8AE7289B61EC404A83321FF05764F181631CA2FCBAF0EF3CB1D68741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001E.00000002.1927922756.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_30_2_7ffd9baf0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (_^$d._H
                                                                              • API String ID: 0-1298079049
                                                                              • Opcode ID: acf36a851efd4174306ad37bfa4a8313b8147df9c5df0a5f2c577d53079eddda
                                                                              • Instruction ID: 023b111a3a02a078da67a7476d11939201dce3d33fbf91faae80bb7260c19f9c
                                                                              • Opcode Fuzzy Hash: acf36a851efd4174306ad37bfa4a8313b8147df9c5df0a5f2c577d53079eddda
                                                                              • Instruction Fuzzy Hash: C3E1F552B0E7E65FD31AB7BCB8B64E53FA0DF0222971801F7D098CB0A3ED5865468394
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000001E.00000002.1926874258.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_30_2_7ffd9b8a0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: acf7424bb518426859907ccbacf535970304e59169ef73b3a0efe948a2835f78
                                                                              • Instruction ID: cd24d58d71795c39ed30693e665174d605d1b0c3adcf8da96049151f86b14025
                                                                              • Opcode Fuzzy Hash: acf7424bb518426859907ccbacf535970304e59169ef73b3a0efe948a2835f78
                                                                              • Instruction Fuzzy Hash: E852D530B09A4A8FEB99DF68C465A6977E1EF4A34074501F9D40ECB2E7DE28ED42C711
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000001E.00000002.1926874258.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_30_2_7ffd9b8a0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1eb84414adc4d4eebae15bedee840009df7e1839190bb76a62bd04197b12e637
                                                                              • Instruction ID: c826e8cecbd1976fe76e8e2a43c2bbff0f2629f1c2866eee46017df7cdd0769d
                                                                              • Opcode Fuzzy Hash: 1eb84414adc4d4eebae15bedee840009df7e1839190bb76a62bd04197b12e637
                                                                              • Instruction Fuzzy Hash: B8424430B0DA494FE369EB288461A75B7E1FF9A340F1501BDE09EC71A6DE28E843C751
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000001E.00000002.1926874258.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_30_2_7ffd9b8a0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 88c0114ca2a3fc6b0bb6843a3febbc9d141c620887fa0d3f95789fc7777a1eca
                                                                              • Instruction ID: 6e9d0f5d540c7e6f4aa2bdd3d5432fc7c33a21d3072a686b8369ef57095998d2
                                                                              • Opcode Fuzzy Hash: 88c0114ca2a3fc6b0bb6843a3febbc9d141c620887fa0d3f95789fc7777a1eca
                                                                              • Instruction Fuzzy Hash: 5E12C030B19A4A8FE79ADF68C460AA577E1FF4A340F5541BAD04DC72D7DE38A882C711
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000001E.00000002.1927155574.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_30_2_7ffd9b960000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7660be8eacd750714f30ecb4eb62df9b413fdc728a0666e0488a3d4d6e350692
                                                                              • Instruction ID: 613c549806f99fc1eafbc98a90c3b7cbf408ecd0be23def516bf0a011ef8ab91
                                                                              • Opcode Fuzzy Hash: 7660be8eacd750714f30ecb4eb62df9b413fdc728a0666e0488a3d4d6e350692
                                                                              • Instruction Fuzzy Hash: BED1A330B19A4E9FE7EADB6884A066437E1FF4A740B5600BAC44DCB1EBDE6C5D81C741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000001E.00000002.1926874258.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_30_2_7ffd9b8a0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8b8b7979f4e860af49e9523cfa961ab932e739e6e9ef474c756c9debc77eb2d4
                                                                              • Instruction ID: 6f6665a9aea2db4bd3c9b1aa1764154d8854cbe89f610568f21c576c37bdb849
                                                                              • Opcode Fuzzy Hash: 8b8b7979f4e860af49e9523cfa961ab932e739e6e9ef474c756c9debc77eb2d4
                                                                              • Instruction Fuzzy Hash: 7651F420A0F6CA5FD357977888689607FA0EF4731075942FEC099CF1A3D929A947C352
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000001E.00000002.1926874258.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_30_2_7ffd9b8a0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fb85beb59fc08e37bea392204e3eb36c861cbcfc10a5c420fe41a1ab9923aa5f
                                                                              • Instruction ID: 38ebe7e75c724948e4c57f2a028985c50c491a9063e2d8685266221a85472286
                                                                              • Opcode Fuzzy Hash: fb85beb59fc08e37bea392204e3eb36c861cbcfc10a5c420fe41a1ab9923aa5f
                                                                              • Instruction Fuzzy Hash: 50313B30B159098FDB99FB2C8869A6C77E1FF5930574600F5E40DCB2B6EE28EC818B41
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000001E.00000002.1926874258.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_30_2_7ffd9b8a0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4682d016c7812640d66bf1ccfcc3f98b3770319c9d9098cce0e12aab01d4b34b
                                                                              • Instruction ID: 4b4067e902e6d4ce294543b69f6088de5a065c2df128122d5a62eef1a1f7984f
                                                                              • Opcode Fuzzy Hash: 4682d016c7812640d66bf1ccfcc3f98b3770319c9d9098cce0e12aab01d4b34b
                                                                              • Instruction Fuzzy Hash: 6E31B321B0EA8A0FE7A6A77C58752757BE1EF5B211B0A01F7D048CB1E3ED089C42C352
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000001E.00000002.1926874258.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_30_2_7ffd9b8a0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3c85893d5505844e6b63c0b1d885d1c57b351070ceaf52acc6b6ad93c0b123c5
                                                                              • Instruction ID: 0e9863f6c55d1ba22a4dbb8f1aaccf43151e028b8f11c4468a9e8f5e108048df
                                                                              • Opcode Fuzzy Hash: 3c85893d5505844e6b63c0b1d885d1c57b351070ceaf52acc6b6ad93c0b123c5
                                                                              • Instruction Fuzzy Hash: BF114822F0DB8A4FE39A9B7C586526437F1EF4A2A074A01F7D408CB1E7E95C0D82C352
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000001E.00000002.1926874258.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_30_2_7ffd9b8a0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 86859122a71d5c22dbfd04bac1956eece19423a034eda5d41caff7bfb0e704e5
                                                                              • Instruction ID: 1be65209cfe520d44210daed4d72e733c9bc1b7b2a50a3ea59e87a036b593d5c
                                                                              • Opcode Fuzzy Hash: 86859122a71d5c22dbfd04bac1956eece19423a034eda5d41caff7bfb0e704e5
                                                                              • Instruction Fuzzy Hash: 29F0C82091F78A0FDB52B7B458214A5BFE09F4B124F0A05FBD88CC70B3E85C8A858367
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000001E.00000002.1926874258.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_30_2_7ffd9b8a0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b4c6e957727cb4db93c09d252ebc4bb2d42c6cebf3d34769768b5919c0e5f6da
                                                                              • Instruction ID: 62cbea809cddcaec7246330cafbd19280aa3b498bc322e0ab675d1dee73cd46e
                                                                              • Opcode Fuzzy Hash: b4c6e957727cb4db93c09d252ebc4bb2d42c6cebf3d34769768b5919c0e5f6da
                                                                              • Instruction Fuzzy Hash: D5F0E261A0FACA4FE796E7B484215947FE1EF0B25074944FAC44CCF1A3E92C58868311
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001E.00000002.1927922756.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_30_2_7ffd9baf0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: C(_^$E(_I
                                                                              • API String ID: 0-1416244330
                                                                              • Opcode ID: f4b177466e00553c3c5962aed6d087347c4d44ecf0a238affeb9ee564548290f
                                                                              • Instruction ID: 7e8f9d2fbcbcd97ee0f26e437be2aadb158cfb61a5c32eb68a722c51a643002d
                                                                              • Opcode Fuzzy Hash: f4b177466e00553c3c5962aed6d087347c4d44ecf0a238affeb9ee564548290f
                                                                              • Instruction Fuzzy Hash: 7A912893B0F3D55BD7269BB8A8B50E83F50EF4166471D01FBD0D88B0EBE854A946C398
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000001E.00000002.1927155574.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_30_2_7ffd9b960000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @_^S$@_^W$@_^c$@_^k$@_^o
                                                                              • API String ID: 0-2610165837
                                                                              • Opcode ID: db17f404bcbd7a94a5c0dedd4608f36d771884f1d96e5bb831c4de323f9182b7
                                                                              • Instruction ID: a134b18f3bb042a2939d7cd632bb9cb6da6580ca9a77ac108d04df5b9750ea0e
                                                                              • Opcode Fuzzy Hash: db17f404bcbd7a94a5c0dedd4608f36d771884f1d96e5bb831c4de323f9182b7
                                                                              • Instruction Fuzzy Hash: 75510AD2A0F2C69FE72687F82C251A87FA0AF0235471D41FBC4988F1EBD9585A06C356
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000022.00000002.2036833105.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_34_2_7ffd9bac0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: X7iN$`7iN$`7iN$h7iN$h7iN$p7iN$p7iN$x6iN$x7iN$x7iN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN$ZiN
                                                                              • API String ID: 0-74736095
                                                                              • Opcode ID: 4e32e33fcee1108c67d04a6ea8a7505714b37230de4287a900b209934767ca6c
                                                                              • Instruction ID: 534e8538988da6e053763fc72066b45fb0fd9a85582fe04b3a0b4a1d240998d6
                                                                              • Opcode Fuzzy Hash: 4e32e33fcee1108c67d04a6ea8a7505714b37230de4287a900b209934767ca6c
                                                                              • Instruction Fuzzy Hash: 9552C520B19A4A8FD759EF6C84A4A7577E2EF5A304B1501F9E04ECF2E6CE38AD41C741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000022.00000002.2036833105.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_34_2_7ffd9bac0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (7iN$(7iN$07iN$07iN$87iN$@7iN
                                                                              • API String ID: 0-1309171933
                                                                              • Opcode ID: c2c51110282165e685405ab0604fde1361d77eeb086b239620966c28e0e242f7
                                                                              • Instruction ID: bab1931f8e5c9b27e76b0841dbd204cbdd5b996c065d6ef939d211ca288f711b
                                                                              • Opcode Fuzzy Hash: c2c51110282165e685405ab0604fde1361d77eeb086b239620966c28e0e242f7
                                                                              • Instruction Fuzzy Hash: 3B426830B0DA494FE769EB2C8461975B7E1EF65304F1505BDE09FC72A6DE28E8038781
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000022.00000002.2036833105.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_34_2_7ffd9bac0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 7iN$6iN$6iN
                                                                              • API String ID: 0-572777744
                                                                              • Opcode ID: 0cff4595c3b585f30900497d4a1edd19c4a96dee62455323f068a8af3dd73f0b
                                                                              • Instruction ID: d040597b036a88d554283691f39ca2e85b2b144fb0880f59cede2abdeb943e76
                                                                              • Opcode Fuzzy Hash: 0cff4595c3b585f30900497d4a1edd19c4a96dee62455323f068a8af3dd73f0b
                                                                              • Instruction Fuzzy Hash: 8E12BF3071DA4A8FE769EF288460A7577E2FF4A304F5142B9E04DCB2E6CE78A941C745
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000022.00000002.2036833105.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_34_2_7ffd9bac0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: X7iN$ZiN$ZiN
                                                                              • API String ID: 0-1980500462
                                                                              • Opcode ID: 6e85e0cd9db6a1982562c1ebd1724c97bac0c0edd8f7c1370fa3ed79ee754fa0
                                                                              • Instruction ID: 54c8f69b16ab2f6f9a5c6b64660c7647d65c413cd4ace441b4426506c18f2685
                                                                              • Opcode Fuzzy Hash: 6e85e0cd9db6a1982562c1ebd1724c97bac0c0edd8f7c1370fa3ed79ee754fa0
                                                                              • Instruction Fuzzy Hash: 35114411F1AA5A4FE39A5F2C18652713BE1EF5A350B4501E6F409CF2E6EA181D41C396
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000022.00000002.2036833105.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_34_2_7ffd9bac0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: H7iN$P7iN
                                                                              • API String ID: 0-3691267317
                                                                              • Opcode ID: 11e37341fe39c03e6d72121213822fc7efb83b889440c434bbb36bb9dd7f451f
                                                                              • Instruction ID: 748c38b85288ee494e3c4ad33134cc88e60bbe874cd72f80eb370d3b9b671b29
                                                                              • Opcode Fuzzy Hash: 11e37341fe39c03e6d72121213822fc7efb83b889440c434bbb36bb9dd7f451f
                                                                              • Instruction Fuzzy Hash: 7F511420A0F28A4FD31AA77888685607FA0EF5731071A42FED099CF1B3D9696947C792
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000022.00000002.2036833105.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_34_2_7ffd9bac0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: H7iN$P7iN
                                                                              • API String ID: 0-3691267317
                                                                              • Opcode ID: 3ac0d68032cbcef56cde9252851b658ebfc49049de5fce650ee86868a48d2168
                                                                              • Instruction ID: 8f42e7ad89b4f986ef785bb845a54e26d27dcdf97ff7fc14ca17ecadbed5b36c
                                                                              • Opcode Fuzzy Hash: 3ac0d68032cbcef56cde9252851b658ebfc49049de5fce650ee86868a48d2168
                                                                              • Instruction Fuzzy Hash: BBF0E210A0F68A0FD756EBB844251647FD19F07340B0505F9D048CF2B3E8682A458344
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000022.00000002.2036833105.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_34_2_7ffd9bac0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ZiN
                                                                              • API String ID: 0-1865356905
                                                                              • Opcode ID: 3f9335542d6d1dc575458f8287c99a2ba5d210b0866c9602c55e7cef1488653d
                                                                              • Instruction ID: c468e238193896fb3fca30e26422a95becd62b177a82a965834c020097bd0994
                                                                              • Opcode Fuzzy Hash: 3f9335542d6d1dc575458f8287c99a2ba5d210b0866c9602c55e7cef1488653d
                                                                              • Instruction Fuzzy Hash: E731EA51B1EA8E0FE7A6A77C48B52717BE1EF6A21170A41FBD04CCB1A3ED495C46C341
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000022.00000002.2036833105.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_34_2_7ffd9bac0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ZiN
                                                                              • API String ID: 0-1865356905
                                                                              • Opcode ID: d90c7b787e519c372e69ae93cd7c2920f093a4a1b42bada683e9efeaf10c4b7c
                                                                              • Instruction ID: 00a0bae05ff1afacd2aeaf5ce49769a140e5e02bc62c43843db244eb3c5dbf31
                                                                              • Opcode Fuzzy Hash: d90c7b787e519c372e69ae93cd7c2920f093a4a1b42bada683e9efeaf10c4b7c
                                                                              • Instruction Fuzzy Hash: 0CF0CD2091E7560FD762777464114B67FE08F47214F0604F7E49CD71B3D45C4A85836A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000022.00000002.2037015387.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_34_2_7ffd9bb80000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: cbbb4825ec94a08bc83006e56b4fd3dd98d3fbbc983f0e547936d5f3e1857c20
                                                                              • Instruction ID: 92e471bb80b4ea7a4cf14fe97c9fa129311b6390f576e27416e375205c067961
                                                                              • Opcode Fuzzy Hash: cbbb4825ec94a08bc83006e56b4fd3dd98d3fbbc983f0e547936d5f3e1857c20
                                                                              • Instruction Fuzzy Hash: 1FC17220B19A5E4FE79ADB68842063537E1FF46788F9501E9E04DCB2F2CE385E41C785
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000022.00000002.2036833105.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_34_2_7ffd9bac0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4bdfe235be604ac54e212ad4e92e693fb76a4293406c07b059bbf07b18cbc8c8
                                                                              • Instruction ID: 40ed8b90e91bb712411d6ae70123aa5499bd8547ba31375f399d45702881f1ee
                                                                              • Opcode Fuzzy Hash: 4bdfe235be604ac54e212ad4e92e693fb76a4293406c07b059bbf07b18cbc8c8
                                                                              • Instruction Fuzzy Hash: 01314F30B158198FDB98FB2CC4A8E6837E1EF59305B4500F5E41ECB2B6DE29EC818741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000022.00000002.2037015387.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_34_2_7ffd9bb80000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: +A_^$,A_^$.A_^$0A_I
                                                                              • API String ID: 0-189021232
                                                                              • Opcode ID: b5bb432e3a2e6371b8f62eec3f63f3642a664c0e61728708d39a646d566d018b
                                                                              • Instruction ID: 66e0d288051d504fbc2693c4f077a81df383f6c24b037cc2472977c92ae4460a
                                                                              • Opcode Fuzzy Hash: b5bb432e3a2e6371b8f62eec3f63f3642a664c0e61728708d39a646d566d018b
                                                                              • Instruction Fuzzy Hash: F8D1EE63B0FBC50FF32955AC68261692FD1FF95268B1941FFE0C44A0FBB865A9078346
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000024.00000002.2149273705.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_36_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 23760d0a7a587d7d511286cc3642102dcf614dee0c0c7b59485c503a52bebcb8
                                                                              • Instruction ID: 0f2821527490d61d80970ad8e2aad47d55ba10f2f66255f989e7df8095a30e7b
                                                                              • Opcode Fuzzy Hash: 23760d0a7a587d7d511286cc3642102dcf614dee0c0c7b59485c503a52bebcb8
                                                                              • Instruction Fuzzy Hash: A012AB31B1DB890FD359DB6884A19B57BE1EFA5314F0406BDE0AFC71A7DD28A8038741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000024.00000002.2149273705.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_36_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bea74a8d3d6675745d289d08640e294463f341a2f813f14dd23077c8978c93b3
                                                                              • Instruction ID: a976d7ea4288a328e00c0e6aebc0cf89cc6e41b322b5dda19f3c88d7739d65bf
                                                                              • Opcode Fuzzy Hash: bea74a8d3d6675745d289d08640e294463f341a2f813f14dd23077c8978c93b3
                                                                              • Instruction Fuzzy Hash: FA021560B1EA891FE759E7BC44766B97FE1DF59210B4901FED49ACB2E3CD1CA8028701
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000024.00000002.2149514081.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_36_2_7ffd9bb70000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1485de9af3671f4a4f42e4afa9c0675a0fec9a1da8e207cc73e91a98b7104189
                                                                              • Instruction ID: 4f9ee5274d166fffb85b0065d0d6647254c48f40dee4e444d1b3b130845a5461
                                                                              • Opcode Fuzzy Hash: 1485de9af3671f4a4f42e4afa9c0675a0fec9a1da8e207cc73e91a98b7104189
                                                                              • Instruction Fuzzy Hash: 546106B060E6C91FD766E7BC44B56AA7FE1EF4651070905EFE08ACB9F3C91CA8068351
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000024.00000002.2149273705.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_36_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0558089d9c52e550d25c2c7c9f224e5624df852e56a121f6237fa77641b2b6c6
                                                                              • Instruction ID: 5c27b71dad18460c73f03f253d850986b2872ba20c6dc6ab6b0e9f0484daf2d1
                                                                              • Opcode Fuzzy Hash: 0558089d9c52e550d25c2c7c9f224e5624df852e56a121f6237fa77641b2b6c6
                                                                              • Instruction Fuzzy Hash: CA51343071DA895FE779DBB88460BA97BE0EF49710F0505BDD09EC35E2CA68B846CB44
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000024.00000002.2149273705.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_36_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 39227b3138b990876ef9a21b81404bf12d7abeab5be28f4f8bb0f1e8dcacf0fb
                                                                              • Instruction ID: c4c4af7ab3599d487d91cd3d5f26f36fdeb8b90eb4c957aeec6badcd5c0cd8fd
                                                                              • Opcode Fuzzy Hash: 39227b3138b990876ef9a21b81404bf12d7abeab5be28f4f8bb0f1e8dcacf0fb
                                                                              • Instruction Fuzzy Hash: 0F313A307159198FD798FB3CC8A9E683BE1EF5930574500F9E40ACB2B6EE69EC418B41
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000024.00000002.2149273705.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_36_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000024.00000002.2149514081.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_36_2_7ffd9bb70000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000024.00000002.2149273705.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_36_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000024.00000002.2149514081.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_36_2_7ffd9bb70000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000024.00000002.2149514081.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_36_2_7ffd9bb70000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000024.00000002.2149273705.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_36_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000024.00000002.2149273705.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_36_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000024.00000002.2149273705.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_36_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000026.00000002.2258084806.00007FFD9BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB50000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_38_2_7ffd9bb50000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: C_^
                                                                              • API String ID: 0-3899854727
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000026.00000002.2257862715.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_38_2_7ffd9ba90000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000026.00000002.2257862715.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_38_2_7ffd9ba90000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000026.00000002.2257862715.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_38_2_7ffd9ba90000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000026.00000002.2258084806.00007FFD9BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB50000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_38_2_7ffd9bb50000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000026.00000002.2257862715.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_38_2_7ffd9ba90000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000026.00000002.2258084806.00007FFD9BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB50000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_38_2_7ffd9bb50000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000026.00000002.2257862715.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_38_2_7ffd9ba90000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000026.00000002.2257862715.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_38_2_7ffd9ba90000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000026.00000002.2257862715.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_38_2_7ffd9ba90000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000026.00000002.2258084806.00007FFD9BB50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB50000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_38_2_7ffd9bb50000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 262acfe4a81dd20e9cdf5fc23323ef96dac57b949f55d1f5f4c11ee6cacd0fe0
                                                                              • Instruction ID: f90e3512b0f5a28ed4efbbf1a4beba12c21c125d52148ff201fbd3413f1434c8
                                                                              • Opcode Fuzzy Hash: 262acfe4a81dd20e9cdf5fc23323ef96dac57b949f55d1f5f4c11ee6cacd0fe0
                                                                              • Instruction Fuzzy Hash: 49F0542025B5890FC749D7BCC476AA97FE2AF0B60034405EDE48ACB6B3C849A8128701
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000026.00000002.2257862715.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_38_2_7ffd9ba90000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 63b193255ef3982d5bea2b66f7003d5fcd77006db50ecdd81e1f6726810e59fe
                                                                              • Instruction ID: 60b0219d8c132337eab5299566add671d2c4d3a262e6d0321b5a8d446f31cc03
                                                                              • Opcode Fuzzy Hash: 63b193255ef3982d5bea2b66f7003d5fcd77006db50ecdd81e1f6726810e59fe
                                                                              • Instruction Fuzzy Hash: B2F0E26090F6CA1FE715F7F844664997FD19F07650B4949FED488CF1B3E85929068305
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000026.00000002.2257862715.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_38_2_7ffd9ba90000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f7a50296415af30a2e3fadf81261d45297fc6e815b2a3e2f95b743360e6276b5
                                                                              • Instruction ID: 8f15d5286dcd5c5700b158f1e9ffe08b9d100d1681d30536aea6585847cae6fe
                                                                              • Opcode Fuzzy Hash: f7a50296415af30a2e3fadf81261d45297fc6e815b2a3e2f95b743360e6276b5
                                                                              • Instruction Fuzzy Hash: 2FF06D2050D7C50FC752A77848690567FF1CE5B150B1A09EFD4C9CB073D45C89468312
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000026.00000002.2257862715.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_38_2_7ffd9ba90000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6a8eb25ac0a1ec1ce17b9469195c15cbe69cff02e12e3b232dbbd58c787ba245
                                                                              • Instruction ID: 0bdf07c61545456c64a7aa34878c74aebc8036102670ca3c8236acac6f347d5e
                                                                              • Opcode Fuzzy Hash: 6a8eb25ac0a1ec1ce17b9469195c15cbe69cff02e12e3b232dbbd58c787ba245
                                                                              • Instruction Fuzzy Hash: 59C01211A4E42A02EDB03284B0114F473804BC16A0F470474E84C451A2D88D5AC2129A
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2365713045.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_7ffd9bb90000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: #@_$V
                                                                              • API String ID: 0-4210754401
                                                                              • Opcode ID: 499e76566e2a37a1b568c514bbba8c28d6f495013718671a81326d06abd24ad5
                                                                              • Instruction ID: 7b7557cb136c9749970eee3d4e15b3f1fbdd8065b84cea0a0e7fd5c822010960
                                                                              • Opcode Fuzzy Hash: 499e76566e2a37a1b568c514bbba8c28d6f495013718671a81326d06abd24ad5
                                                                              • Instruction Fuzzy Hash: 33411912B0E6850FE36AA7BCA8654F93BA0EF5623970901F7D49DCB1E7ED0868468351
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2364981931.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_7ffd9bad0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 51c51a5c2135445b9ad48e8d91eae6b09e9348a58636cd7e829a51f2990f8a28
                                                                              • Instruction ID: 498a30f286db5b409dea54218f99528b778f99c73b643ac333ee2d08f65f8a31
                                                                              • Opcode Fuzzy Hash: 51c51a5c2135445b9ad48e8d91eae6b09e9348a58636cd7e829a51f2990f8a28
                                                                              • Instruction Fuzzy Hash: AC12AB70B0DB890FE369EB6884A15B577E1FFA5354B1446BDE08EC71A7DD29A803C341
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2364981931.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_7ffd9bad0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 330b7f57dd2126984244b1b304bd7e5f20769846483fa2682064538acfa1edb5
                                                                              • Instruction ID: 61ec77fd88705851a3eff4108b8d13c3595bacaedfae33a92edc6928da966540
                                                                              • Opcode Fuzzy Hash: 330b7f57dd2126984244b1b304bd7e5f20769846483fa2682064538acfa1edb5
                                                                              • Instruction Fuzzy Hash: E8028920B1EBCA0FE755FBB884666A97BD1EF85260B4402FDC44ACB2E7DD5D9802C301
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2365713045.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_7ffd9bb90000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5163a819a9e1f18cc1195ba1fb6c96878fa1aba0836e295fb4b839df998a8164
                                                                              • Instruction ID: a6b1b695b1bec5f377ffa39354e48ec436a8b549be1db01f098dfae5abbcc5ca
                                                                              • Opcode Fuzzy Hash: 5163a819a9e1f18cc1195ba1fb6c96878fa1aba0836e295fb4b839df998a8164
                                                                              • Instruction Fuzzy Hash: 84612370A0F7CA5FE356E7B880295A97BD1EF462B478900FED04ACB1F7D95C48468301
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2364981931.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_7ffd9bad0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 548869ce31ce7c33f5080bc9cd69080e6f520505aafc349e5aae0c2bb52fcb95
                                                                              • Instruction ID: 509e0fbf400ad39c99edcdf0a088d00a84f0050a0f384b6c6e66558cac84acc5
                                                                              • Opcode Fuzzy Hash: 548869ce31ce7c33f5080bc9cd69080e6f520505aafc349e5aae0c2bb52fcb95
                                                                              • Instruction Fuzzy Hash: B251F73071DA8A4FE779EBA884747A977D1EF89320F55467DC04EC31E2CA6CA845C744
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2364981931.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_7ffd9bad0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e0596bd06dc00a3ec971281c4577de9e10a7762fa2764180fb0daf09532a2da3
                                                                              • Instruction ID: b48800541e81ea25ab024178974d363011a61d9c2ec29018a0644700e1d97bb6
                                                                              • Opcode Fuzzy Hash: e0596bd06dc00a3ec971281c4577de9e10a7762fa2764180fb0daf09532a2da3
                                                                              • Instruction Fuzzy Hash: 81314E307159098FD798FB3CC4A9AA837E1EF5931574501F9E40ACB2B6EE69EC81C741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2364981931.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_7ffd9bad0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9590c313602c421820c6427733d9912282f5af3e7173ed8fa5fdf0237af154ed
                                                                              • Instruction ID: 970d14186f60c9701c09910069d513b32a0768a4b8bc63daa4cdfd2750adf761
                                                                              • Opcode Fuzzy Hash: 9590c313602c421820c6427733d9912282f5af3e7173ed8fa5fdf0237af154ed
                                                                              • Instruction Fuzzy Hash: EE310951B0EA890FE7A2977C44751B57BD1DFA621070A02FAD04CCB1B3ED495C428342
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2365713045.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_7ffd9bb90000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 622032100edd185ca897562095a39fe1a5bf49db95452d002782b68ecc66e0a2
                                                                              • Instruction ID: ce0d83dc8b732cdf042b43632afe464e4271ef158b4bdbe6db7cc61972c72ca3
                                                                              • Opcode Fuzzy Hash: 622032100edd185ca897562095a39fe1a5bf49db95452d002782b68ecc66e0a2
                                                                              • Instruction Fuzzy Hash: DF21907065E38A8FD34AEBB8C465A953BE1EF0626074500FDC046CF1B6E69D8C46CB11
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2364981931.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_7ffd9bad0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ca77cce911f3b64a44c55bcae530aa4e05913b8559133695a52b17030542eb72
                                                                              • Instruction ID: ff369b32bff40c6c4128d8ea46234e4906558bd505c153fd05ebde4002d6368a
                                                                              • Opcode Fuzzy Hash: ca77cce911f3b64a44c55bcae530aa4e05913b8559133695a52b17030542eb72
                                                                              • Instruction Fuzzy Hash: C401F952B0EA4E0FE395E7BC18652B467C1EFAD155B0542FBE04CC72E3DC495C458382
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2364981931.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_7ffd9bad0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 07f38cb0b5a9c5d15a5a196ac650c3eba31c48142e43fa96c8dbb8fcbc3fb68b
                                                                              • Instruction ID: a3407f7f4b03bde75eb5d9794ab57e4bd09717c0d3dd7b3eab66a184ae3c6ca4
                                                                              • Opcode Fuzzy Hash: 07f38cb0b5a9c5d15a5a196ac650c3eba31c48142e43fa96c8dbb8fcbc3fb68b
                                                                              • Instruction Fuzzy Hash: AA112921F1F7C64FD355AB78586A0E437D1EF566A138503FAD009CB1A9F99D0C42C352
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2365713045.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_7ffd9bb90000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 19bd8ad128b397ebb6317af3e02a70c1a481d308b17102d31e8140d57a59df7b
                                                                              • Instruction ID: 1fce8501c9393e1f9afbef60b1cb8c4560f03c815e0378b3061441bf657f6277
                                                                              • Opcode Fuzzy Hash: 19bd8ad128b397ebb6317af3e02a70c1a481d308b17102d31e8140d57a59df7b
                                                                              • Instruction Fuzzy Hash: 2011CE70B0F3CB4FE79AE7B884215A97BE0AF0226878504FEC04ACB1F2DA1C58058701
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2365713045.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_7ffd9bb90000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bf14933f246313c866b79354f6e9d691d58a6f6720bf468086bb80860ebc0da6
                                                                              • Instruction ID: aa30a06701f663f106682120427fe09ed5cb347c0c25225b7b40fcb581f75097
                                                                              • Opcode Fuzzy Hash: bf14933f246313c866b79354f6e9d691d58a6f6720bf468086bb80860ebc0da6
                                                                              • Instruction Fuzzy Hash: 84F0547075B78B4FE78AE7B8C465AD93AD2EF0636038504BDD04ACB1B6D99D8C428710
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2364981931.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_7ffd9bad0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9fb99402833be8229c6f0e27a098ac373a079e3991fa56fdeff81b943c6d94aa
                                                                              • Instruction ID: 5305abe76ffe820e44884629978cba8c4a2ee8f641ca9ea634fda04b2bb7063c
                                                                              • Opcode Fuzzy Hash: 9fb99402833be8229c6f0e27a098ac373a079e3991fa56fdeff81b943c6d94aa
                                                                              • Instruction Fuzzy Hash: 0FF06D20A0D7C60FD752E77448690967FF0CE57160B0A06EFC488C7076E8AC8A85C313
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2364981931.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_7ffd9bad0000_RegAsm.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6e18fc4e9ac1216eb337e5faab3fdfccfbf714ceb6fd97cfa9b705c0c4e4d3c8
                                                                              • Instruction ID: 8b2748d65f7313ee6b4f8cbf9b7ea44d2126e5f923001b781b6e9579f337d985
                                                                              • Opcode Fuzzy Hash: 6e18fc4e9ac1216eb337e5faab3fdfccfbf714ceb6fd97cfa9b705c0c4e4d3c8
                                                                              • Instruction Fuzzy Hash: 68C01214A4E41A02EDF03284B0218F873808BC1624F070574E84C451A2D88E5BC28299
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000028.00000002.2364981931.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_40_2_7ffd9bad0000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.2472397115.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.2472397115.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.2472397115.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.2472740175.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ffd9bb70000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.2472740175.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ffd9bb70000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.2472397115.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.2472397115.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.2472397115.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.2472397115.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.2472397115.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.2472397115.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ffd9bab0000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002C.00000002.2580499524.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_44_2_7ffd9bac0000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002C.00000002.2580499524.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_44_2_7ffd9bac0000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002C.00000002.2580499524.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_44_2_7ffd9bac0000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002C.00000002.2580499524.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_44_2_7ffd9bac0000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002C.00000002.2580499524.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_44_2_7ffd9bac0000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002C.00000002.2580499524.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_44_2_7ffd9bac0000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000002C.00000002.2580499524.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_44_2_7ffd9bac0000_RegAsm.jbxd
                                                                              Similarity
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%