
Windows Analysis Report
wsmprovhost.exe

Overview

General Information

Sample name:wsmprovhost.exe
Analysis ID:1544359
MD5:f71da90302d91734921fdefeb312dc47
SHA1:dd7e12465bbe667554f977503ea44bfffc59cbd7
SHA256:2330ad427ec48dfe1abe51747d900a334bac7b8599388387ad7c64234964ab58
Infos:

Detection

Score:21
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Sigma detected: System File Execution Location Anomaly
PE file contains sections with non-standard names
Program does not show much activity (idle)

Classification

  • System is w10x64
  • wsmprovhost.exe (PID: 4784 cmdline: "C:\Users\user\Desktop\wsmprovhost.exe" MD5: F71DA90302D91734921FDEFEB312DC47)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Users\user\Desktop\wsmprovhost.exe", CommandLine: "C:\Users\user\Desktop\wsmprovhost.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\wsmprovhost.exe, NewProcessName: C:\Users\user\Desktop\wsmprovhost.exe, OriginalFileName: C:\Users\user\Desktop\wsmprovhost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Users\user\Desktop\wsmprovhost.exe", ProcessId: 4784, ProcessName: wsmprovhost.exe
No Suricata rule has matched

Source: wsmprovhost.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: wsmprovhost.pdb source: wsmprovhost.exe
Source: Binary string: wsmprovhost.pdbGCTL source: wsmprovhost.exe
Source: classification engine, Classification label: sus21.winEXE@1/0@0/0
Source: wsmprovhost.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\wsmprovhost.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\wsmprovhost.exe, Section loaded: wsmsvc.dll
Source: C:\Users\user\Desktop\wsmprovhost.exe, Section loaded: miutils.dll
Source: C:\Users\user\Desktop\wsmprovhost.exe, Section loaded: dsrole.dll
Source: C:\Users\user\Desktop\wsmprovhost.exe, Section loaded: pcwum.dll
Source: C:\Users\user\Desktop\wsmprovhost.exe, Section loaded: mi.dll
Source: C:\Users\user\Desktop\wsmprovhost.exe, Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\wsmprovhost.exe, Section loaded: kernel.appcore.dll
Source: wsmprovhost.exe, Static PE information: Image base 0x140000000 > 0x60000000
Source: wsmprovhost.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: wsmprovhost.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: wsmprovhost.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: wsmprovhost.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: wsmprovhost.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: wsmprovhost.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: wsmprovhost.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: wsmprovhost.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: wsmprovhost.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: wsmprovhost.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: wsmprovhost.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: wsmprovhost.exe, Static PE information: section name: .didat
Source: all processes, Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Reconnaissance: Gather Victim Identity Information
Resource Development: Acquire Infrastructure
Initial Access: Valid Accounts
Execution: Windows Management Instrumentation
Persistence: 1 DLL Side-Loading
Privilege Escalation: 1 DLL Side-Loading
Defense Evasion: 1 DLL Side-Loading
Credential Access: OS Credential Dumping
Discovery: 1 System Information Discovery
Lateral Movement: Remote Services
Collection: Data from Local System
Command and Control: Data Obfuscation
Exfiltration: Exfiltration Over Other Network Medium
Impact: Abuse Accessibility Features
Source | Detection | Scanner | Label | Link
wsmprovhost.exe | 0% | ReversingLabs | |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1544359
Start date and time:2024-10-29 10:17:31 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 33s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:4
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:wsmprovhost.exe
Detection:SUS
Classification:sus21.winEXE@1/0@0/0
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
  • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • VT rate limit hit for: wsmprovhost.exe
No simulations
No context
No created / dropped files found
File type:PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):5.586915396369068
TrID:
  • Win64 Executable GUI (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:wsmprovhost.exe
File size:37'376 bytes
MD5:f71da90302d91734921fdefeb312dc47
SHA1:dd7e12465bbe667554f977503ea44bfffc59cbd7
SHA256:2330ad427ec48dfe1abe51747d900a334bac7b8599388387ad7c64234964ab58
SHA512:6cb6c929be2ccaabde796e7cc4b6d83e4ccfb2e4044bb15ff1ce471242645aa61dbd408c822f9eecfef7a55f6ee93312c0bc4c2ee6eebbee976c91d4724c9ee5
SSDEEP:384:BKYYAGDVPibLECF9QAfokJr8msW5DTaChev6+31CoNHjJrk9wmW7EfW:BA+jlwq8m1MChc6+FCotjJCw4
TLSH:E4F2C8559F9D8CCBCC69E73C84514269A671F4388B02D6DB401C9A1F7FEB9E6023EE60
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................................................................................o.............Rich............PE..d....q.f...
Icon Hash:00928e8e8686b000
Entrypoint:0x140002f60
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:0x66AC71F9 [Fri Aug 2 05:43:21 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:10
OS Version Minor:0
File Version Major:10
File Version Minor:0
Subsystem Version Major:10
Subsystem Version Minor:0
Import Hash:f01729c7436aceea744ac48f9c4dc3a6
Programming Language:
  • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x69b0 | 0x22ec | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8c9c | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd000 | 0x7f8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xb000 | 0x420 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe000 | 0x80 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x5b00 | 0x38 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x50d0 | 0xd0 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x51a0 | 0x270 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x6624 | 0x100 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x3110 | 0x3200 | 4329a36d8239c7be8907b6cb600bbada | False | 0.43765625 | data | 5.804970943230553 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x5000 | 0x474c | 0x4800 | 57da435683fe14f5f65851604c361ad3 | False | 0.25537109375 | data | 5.132239546739868 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x700 | 0x200 | 99fba338ca6022c889ff588253de7aa1 | False | 0.138671875 | data | 0.9039837914257391 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0xb000 | 0x420 | 0x600 | 5e5a593b136176912c6b0c5456640799 | False | 0.3802083333333333 | data | 3.1361090895774124 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.didat | 0xc000 | 0xb8 | 0x200 | b6a71d732aa46b3739654ecdd9303245 | False | 0.13671875 | data | 0.9634928742433803 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd000 | 0x7f8 | 0x800 | 2a848d5f061dd04601461e61dd739d71 | False | 0.451171875 | data | 4.579924322317571 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xe000 | 0x80 | 0x200 | 0317123eb900eaa8204b8ea37027add2 | False | 0.21875 | data | 1.4920348671341515 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xd430 | 0x3c4 | data | English | United States | 0.45643153526970953
RT_MANIFEST | 0xd0a0 | 0x38a | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.47902869757174393

DLL | Import
msvcrt.dll | _exit, __setusermatherr, _acmdln, __C_specific_handler, _ismbblead, _cexit, exit, _initterm, ?terminate@@YAXXZ, __set_app_type, ??1type_info@@UEAA@XZ, _commode, __getmainargs, _amsg_exit, _XcptFilter, __CxxFrameHandler3, _CxxThrowException, _fmode, memset
api-ms-win-eventing-classicprovider-l1-1-0.dll | TraceMessage, GetTraceLoggerHandle, GetTraceEnableLevel, UnregisterTraceGuids, RegisterTraceGuidsW, GetTraceEnableFlags
api-ms-win-core-synch-l1-2-0.dll | WaitForSingleObjectEx, SetEvent, Sleep, InitializeCriticalSection, CreateEventW, DeleteCriticalSection
api-ms-win-core-errorhandling-l1-1-1.dll | GetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter
api-ms-win-core-com-l1-1-0.dll | CoUninitialize, CoRegisterClassObject, CoInitializeEx, CoInitializeSecurity, CoCreateInstance, CoRevokeClassObject
api-ms-win-core-sysinfo-l1-2-0.dll | GetVersionExW, GetSystemTimeAsFileTime, GetTickCount
api-ms-win-core-heap-l1-2-0.dll | HeapSetInformation
api-ms-win-core-processthreads-l1-1-1.dll | GetCurrentProcess, GetCurrentThreadId, GetCurrentProcessId, TerminateProcess, GetStartupInfoW
api-ms-win-core-rtlsupport-l1-2-0.dll | RtlLookupFunctionEntry, RtlCaptureContext, RtlVirtualUnwind
api-ms-win-core-debug-l1-1-1.dll | OutputDebugStringA
api-ms-win-core-libraryloader-l1-1-1.dll | GetModuleHandleW
api-ms-win-core-profile-l1-1-0.dll | QueryPerformanceCounter
WsmSvc.DLL | ?Alloc@WSManMemory@@SAPEAX_KHW4_NitsFaultMode@@@Z, ??1CWSManCriticalSection@@QEAA@XZ, WSManError, CreateProvHost, ?Free@WSManMemory@@SAXPEAXH@Z
api-ms-win-core-apiquery-l1-1-0.dll | ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1.dll | DelayLoadFailureHook, ResolveDelayLoadedAPI
Language of compilation system | Country where language is spoken
English | United States
No network behavior found


Target ID:0
Start time:05:18:22
Start date:29/10/2024
Path:C:\Users\user\Desktop\wsmprovhost.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\wsmprovhost.exe"
Imagebase:0x7ff7ecb10000
File size:37'376 bytes
MD5 hash:F71DA90302D91734921FDEFEB312DC47
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

No disassembly