Windows Analysis Report
3.19.1+SetupWIService.exe

Overview

General Information

Sample name: 3.19.1+SetupWIService.exe
Analysis ID: 1590155
MD5: a7046c3136192e6e7b5180728b3b3b49
SHA1: 80c172f4b988b75b9078ecfe6a40d92f353b6c73
SHA256: aedddd8ca924f5ff05651559d4b13895085af42b90ef304f9ea1d8d641a8fb21

Detection

Score: 51
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 35
Range: 0 - 100

Signatures

Modifies the hosts file
Modifies the windows firewall
Sets file extension default program settings to executables
Sigma detected: Rare Remote Thread Creation By Uncommon Source Image
Tries to delay execution (extensive OutputDebugStringW loop)
Uses netsh to modify the Windows network and firewall settings
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Explorer Process Tree Break
Sigma detected: Office Autorun Keys Modification
Sigma detected: Potential Persistence Via Visual Studio Tools for Office
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • 3.19.1+SetupWIService.exe (PID: 5680 cmdline: "C:\Users\user\Desktop\3.19.1+SetupWIService.exe" MD5: A7046C3136192E6E7B5180728B3B3B49)
    • cmd.exe (PID: 6188 cmdline: cmd /C taskkill /F /IM WIService.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 2676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 3460 cmdline: taskkill /F /IM WIService.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 4872 cmdline: cmd /C taskkill /F /IM WIui.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5712 cmdline: taskkill /F /IM WIui.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 4068 cmdline: cmd /C taskkill /F /IM wirtpproxy.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 2036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7144 cmdline: taskkill /F /IM wirtpproxy.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 6260 cmdline: cmd /C taskkill /F /IM wiservice-ui.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5388 cmdline: taskkill /F /IM wiservice-ui.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 2032 cmdline: cmd /C taskkill /F /IM vncsrv.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5776 cmdline: taskkill /F /IM vncsrv.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 6196 cmdline: cmd /C taskkill /F /IM WildixOutlookIntegration.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6672 cmdline: taskkill /F /IM WildixOutlookIntegration.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 2720 cmdline: cmd /C taskkill /F /IM WildixOutlookSync32.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 992 cmdline: taskkill /F /IM WildixOutlookSync32.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 4928 cmdline: cmd /C taskkill /F /IM WildixOutlookSync64.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 3708 cmdline: taskkill /F /IM WildixOutlookSync64.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • wiservice.exe (PID: 7108 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter MD5: D62710F3678538E483FFC7EA112D7F68)
    • RegAsm.exe (PID: 2724 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 5776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 5760 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 5804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 4776 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 3708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 4584 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 3004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 6484 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 6452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 644 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 7092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 6260 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 2748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 3220 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 1592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 5448 cmdline: cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 6272 cmdline: schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 1916 cmdline: cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • netsh.exe (PID: 6636 cmdline: netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
    • cmd.exe (PID: 4088 cmdline: cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6024 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • netsh.exe (PID: 3784 cmdline: netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
    • wiservice.exe (PID: 2720 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex MD5: D62710F3678538E483FFC7EA112D7F68)
    • wiservice.exe (PID: 4372 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc MD5: D62710F3678538E483FFC7EA112D7F68)
    • explorer.exe (PID: 2824 cmdline: "C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk" MD5: 662F4F92FDE3557E86D110526BB578D5)
    • wiservice.exe (PID: 5024 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --storeMachineId MD5: D62710F3678538E483FFC7EA112D7F68)
    • explorer.exe (PID: 6556 cmdline: "C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 662F4F92FDE3557E86D110526BB578D5)
    • cmd.exe (PID: 2084 cmdline: cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 6320 cmdline: schtasks /delete /TN "Wildix\WIService update recovery" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 7120 cmdline: cmd /C schtasks /delete /TN "Wildix\WIService failed update recovery" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • spoolsv.exe (PID: 4488 cmdline: C:\Windows\System32\spoolsv.exe MD5: 0D4B1E3E4488E9BDC035F23E1F4FE22F)
  • spoolsv.exe (PID: 5228 cmdline: C:\Windows\System32\spoolsv.exe MD5: 0D4B1E3E4488E9BDC035F23E1F4FE22F)
  • wiservice.exe (PID: 6032 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --update MD5: D62710F3678538E483FFC7EA112D7F68)
  • wiservice.exe (PID: 3884 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc MD5: D62710F3678538E483FFC7EA112D7F68)
    • wiservice.exe (PID: 4832 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog MD5: D62710F3678538E483FFC7EA112D7F68)
    • wiservice.exe (PID: 1824 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher MD5: D62710F3678538E483FFC7EA112D7F68)
  • explorer.exe (PID: 6280 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: 662F4F92FDE3557E86D110526BB578D5)
    • wiservice.exe (PID: 2052 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex MD5: D62710F3678538E483FFC7EA112D7F68)
  • explorer.exe (PID: 4196 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: 662F4F92FDE3557E86D110526BB578D5)
    • wiservice.exe (PID: 7032 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" MD5: D62710F3678538E483FFC7EA112D7F68)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Threat created, Author: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\System32\spoolsv.exe, SourceProcessId: 5228, StartAddress: B40EDF50, TargetImage: C:\Windows\System32\conhost.exe, TargetProcessId: 5228
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Program Files\Wildix\WIService\WIService.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, ProcessId: 5680, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WIService
Source: Process started, Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems), @gott_cyber: Data: Command: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, CommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 752, ProcessCommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, ProcessId: 6280, ProcessName: explorer.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: Wildix Outlook Integration, EventID: 13, EventType: SetValue, Image: C:\Program Files\Wildix\WIService\wiservice.exe, ProcessId: 7032, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\WildixOutlookAddin\Description
Source: Registry Key set, Author: Bhabesh Raj: Data: Details: Wildix Outlook Integration, EventID: 13, EventType: SetValue, Image: C:\Program Files\Wildix\WIService\wiservice.exe, ProcessId: 7032, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\WildixOutlookAddin\Description
Source: Registry Key set, Author: frack113: Data: Details: 3B 00 77 00 69 00 6C 00 64 00 69 00 78 00 69 00 6E 00 74 00 65 00 67 00 72 00 61 00 74 00 69 00 6F 00 6E 00 2E 00 65 00 75 00 3B 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files\Wildix\WIService\wiservice.exe, ProcessId: 2720, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
No Suricata rule has matched

Source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, EXE: cmd.exe

Compliance

Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, EXE: cmd.exe
Source: 3.19.1+SetupWIService.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\wildix.ico
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\wiservice.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\x-bees.ico
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\fax
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\fax\imgprint.gpd
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\fax\STDDTYPE.GDL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\fax\STDNAMES.GPD
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHEM.GDL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHMX.GDL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.HLP
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtBase0x5e2f.dfu
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtHeadset0x5e2f.dfu
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\resources
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\resources\cdr.db
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\Office.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\Serilog.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\UC.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\websocket-sharp.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\wildix-oi.ico
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll.manifest
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.vsto
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe.config
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\dotnet-dump.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\UninstallWIService.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Directory created: C:\Program Files\Wildix\WIService\proxyex.lnk
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIService
Source: 3.19.1+SetupWIService.exe, Static PE information: certificate valid
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, File opened: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: 3.19.1+SetupWIService.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\fax\wfaxport.pdb source: wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\asn1\x_info.ccrypto\pem\pem_info.ccrypto\ocsp\ocsp_lib.c0 source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\fax\wfaxport.pdbv source: wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: RegAsm.exe, 00000025.00000002.2325686984.00000171E1472000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\wiservice.pdb: source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdbw{ source: RegAsm.exe, 0000002B.00000002.2345369794.0000026131A82000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\projects\serilog\src\Serilog\obj\Release\net46\Serilog.pdb source: RegAsm.exe, 00000027.00000002.2331786678.0000017ACC722000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdb source: RegAsm.exe, 0000002B.00000002.2345369794.0000026131A82000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: unidrv.pdb source: wiservice.exe, 0000001A.00000003.2193805770.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\wiservice.pdb source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\projects\serilog-sinks-console\src\Serilog.Sinks.Console\obj\Release\net45\Serilog.Sinks.Console.pdbP source: RegAsm.exe, 00000029.00000002.2339635579.0000015A3FF12000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256^Y source: RegAsm.exe, 00000025.00000002.2325686984.00000171E1472000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\projects\serilog-sinks-console\src\Serilog.Sinks.Console\obj\Release\net45\Serilog.Sinks.Console.pdb source: RegAsm.exe, 00000029.00000002.2339635579.0000015A3FF12000.00000002.00000001.01000000.0000000D.sdmp
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Code function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, Code function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Windows\System32\spoolsv.exe, Code function: 29_2_00007FFD9A0505D0 FindFirstFileW,FindClose,_invalid_parameter_noinfo_noreturn,29_2_00007FFD9A0505D0
Source: global traffic, TCP traffic: 192.168.2.6:63113 -> 162.159.36.2:53
Source: global traffic, HTTP traffic detected: GET /integrations/integrations.json HTTP/1.1, Host: files.wildix.com, Accept: */*
Source: global traffic, HTTP traffic detected: GET /integrations/applications.json HTTP/1.1, Host: files.wildix.com, Accept: */*
Source: global traffic, HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1, Host: feedback.wildix.com, Accept: */*, Content-Length: 547, Content-Type: application/x-www-form-urlencoded
Source: global traffic, HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1, Host: feedback.wildix.com, Accept: */*, Content-Length: 482, Content-Type: application/x-www-form-urlencoded
Source: global traffic, HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1, Host: feedback.wildix.com, Accept: */*, Content-Length: 398, Content-Type: application/x-www-form-urlencoded
Source: global traffic, HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1, Host: feedback.wildix.com, Accept: */*, Content-Length: 479, Content-Type: application/x-www-form-urlencoded
Source: global traffic, HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1, Host: feedback.wildix.com, Accept: */*, Content-Length: 516, Content-Type: application/x-www-form-urlencoded
Source: global traffic, HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1, Host: feedback.wildix.com, Accept: */*, Content-Length: 514, Content-Type: application/x-www-form-urlencoded
Source: global traffic, HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1, Host: feedback.wildix.com, Accept: */*, Content-Length: 502, Content-Type: application/x-www-form-urlencoded
Source: Joe Sandbox View, IP Address: 18.173.205.94
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: files.wildix.com
Source: global traffic DNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa
Source: global traffic DNS traffic detected: DNS query: feedback.wildix.com
Source: global traffic DNS traffic detected: DNS query: crt.sectigo.com
Source: unknown HTTP traffic detected: POST /api/v1/Analytics/wiservice HTTP/1.1 Host: feedback.wildix.com Accept: */* Content-Length: 547 Content-Type: application/x-www-form-urlencoded
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.2193805770.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194129874.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194368140.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cevcsca2021.crl.certum.pl/cevcsca2021.crl0w
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.2193805770.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194129874.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194368140.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cevcsca2021.ocsp-certum.com07
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.2193805770.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194129874.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194368140.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3368694671.0000000002442000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3368694671.000000000243A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000003.2231867064.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.2193805770.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194129874.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194368140.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3368694671.0000000002442000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3368694671.000000000243A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000003.2231867064.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.2193805770.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194129874.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194368140.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: wiservice.exe, 0000003E.00000003.3216004200.000001A7B6F0C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2607370390.000001A7B6F04000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2606573232.000001A7B654B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3215587772.000001A7B6F0C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3013635939.000001A7B6F2C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000002.3368375920.000001A7B6F00000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3215587772.000001A7B6F08000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3013291874.000001A7B6F04000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2810299913.000001A7B6F04000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3013441140.000001A7B6511000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3013212612.000001A7B654B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2606502843.000001A7B6F0D000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3105730626.000001A7B6513000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2810824456.000001A7B6F14000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2607752321.000001A7B6F0E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2607471026.000001A7B654B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3216004200.000001A7B6F11000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3013291874.000001A7B6F2C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3215587772.000001A7B6F11000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 
0000003E.00000003.2607370390.000001A7B6F0D000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2810299913.000001A7B6F11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
Source: RegAsm.exe, 00000025.00000002.2325686984.00000171E1472000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
Source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000001A.00000002.2241007801.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000000.2358684149.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000000.2370256148.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2404976091.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.3370811302.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000002.3371371353.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://jimmac.musichall.cz
Source: 3.19.1+SetupWIService.exe, 00000000.00000000.2105391633.000000000040A000.00000008.00000001.01000000.00000003.sdmp, 3.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: wiservice.exe, 0000003F.00000002.3366922849.000001E7DEDC4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com
Source: wiservice.exe, 0000003E.00000003.3216004200.000001A7B6F0C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2607370390.000001A7B6F04000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2606573232.000001A7B654B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3215587772.000001A7B6F0C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3013635939.000001A7B6F2C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000002.3368375920.000001A7B6F00000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3215587772.000001A7B6F08000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3013291874.000001A7B6F04000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2810299913.000001A7B6F04000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3013441140.000001A7B6511000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3013212612.000001A7B654B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2606502843.000001A7B6F0D000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3105730626.000001A7B6513000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2810824456.000001A7B6F14000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2607752321.000001A7B6F0E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2607471026.000001A7B654B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3216004200.000001A7B6F11000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3013291874.000001A7B6F2C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3215587772.000001A7B6F11000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 
0000003E.00000003.2607370390.000001A7B6F0D000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2810299913.000001A7B6F11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com09
Source: wiservice.exe, 0000003F.00000002.3366922849.000001E7DEDC4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.como
Source: 3.19.1+SetupWIService.exe, 00000000.00000003.2476570775.00000000005AD000.00000004.00000020.00020000.00000000.sdmp, 3.19.1+SetupWIService.exe, 00000000.00000002.2477711974.00000000005AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pbx.wildix.comDisplayIcon
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.2194129874.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194368140.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/cevcsca2021.cer0
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.2193805770.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194129874.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194368140.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3368694671.0000000002442000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3368694671.000000000243A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000003.2231867064.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.2193805770.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194129874.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194368140.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3368694671.0000000002442000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3368694671.000000000243A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000003.2231867064.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.2193805770.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194129874.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194368140.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/ctsca2021.cer0A
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.2193805770.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194129874.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194368140.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3368694671.0000000002442000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3368694671.000000000243A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000003.2231867064.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://subca.ocsp-certum.com01
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.2193805770.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194129874.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194368140.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3368694671.0000000002442000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3368694671.000000000243A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000003.2231867064.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://subca.ocsp-certum.com02
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.2193805770.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194129874.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194368140.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://subca.ocsp-certum.com05
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.2193805770.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194129874.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194368140.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3368694671.0000000002442000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3368694671.000000000243A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000003.2231867064.000000000243B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certum.pl/CPS0
Source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000001A.00000002.2241007801.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000000.2358684149.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000000.2370256148.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2404976091.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.3370811302.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000002.3371371353.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.gimp.orgg
Source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000001A.00000002.2238301964.0000021E3E88C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000002.2402652719.0000027343FFB000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2380162182.000001E90CAB0000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2401993199.0000020B137B8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.3366830553.0000018344F0D000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000002.3367535180.000001A7B647D000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F341000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://backtrace.wildix.com/api/v1/IntegrationService/Trace/
Source: wiservice.exe, 0000001A.00000002.2238301964.0000021E3E88C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://backtrace.wildix.com/api/v1/IntegrationService/Trace/8a
Source: wiservice.exe, 0000003B.00000002.2401993199.0000020B137B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://backtrace.wildix.com/api/v1/IntegrationService/Trace/9
Source: wiservice.exe, 00000032.00000003.2393499547.0000027344077000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google..
Source: wiservice.exe, 00000032.00000002.2402652719.0000027344063000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/wildix-collaboration
Source: wiservice.exe, 00000032.00000002.2402652719.0000027344063000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/wildix-collaboration/lobgohp
Source: wiservice.exe, 00000032.00000003.2393499547.0000027344077000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000003.2376081815.000002734407B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000003.2376081815.0000027344090000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000003.2376492508.000002734408D000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000002.2402652719.0000027344063000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000003.2375828036.000002734408F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/wildix-collaboration/lobgohpoobpijgfegnlhdnppegdbomkn
Source: wiservice.exe, 00000032.00000003.2393499547.0000027344077000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000003.2376081815.0000027344090000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000002.2402652719.0000027343FE8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000002.2402652719.0000027344063000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000003.2375828036.000002734408F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/x-bees/olejekejjhgimnlliplaiodgmbpcflhi
Source: wiservice.exe, 00000032.00000002.2402652719.0000027344063000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/x-bees/olejekejjhgimnlliplaiodgmbpcflhiWYASe.f0AG1.f
Source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000001A.00000002.2241007801.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000000.2358684149.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000000.2370256148.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2404976091.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.3370811302.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000002.3371371353.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000001A.00000002.2241007801.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000000.2358684149.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000000.2370256148.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2404976091.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.3370811302.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000002.3371371353.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000001A.00000002.2241007801.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000000.2358684149.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000000.2370256148.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2404976091.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.3370811302.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000002.3371371353.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F341000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Analytics/wiservice
Source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F341000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Analytics/wiserviceevent=unknownEventevent=data&
Source: wiservice.exe; String found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/Wiservice
Source: wiservice.exe; String found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/Wiservicea
Source: wiservice.exe; String found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/Wiservicee
Source: wiservice.exe; String found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/Wiserviceemailothersizestypemessagecontextfeedback.zipPr
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integr
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/applications.json
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/applications.jsonock
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/integrations.json
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/integrations.jsonCa
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/integrations.jsonapplications.jsonx-beesNativeApp.jsonUpdaterS
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/integrations.jsonhttps://backtrace.wildix.com/api/v1/Integrati
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/integrations.jsonrvi
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/integrations.jsons
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/integrations.jsonvi
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/osx/collaboration/Collaboration.pkg
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/osx/collaboration/Collaboration.pkgl
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/osx/wiservice/WIService.pkg
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/win/collaboration/Collaboration-
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/win/collaboration/Collaboration-x64.exe
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/win/tapi/WildixTAPI.exe
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/win/wiservice/SetupWIService.exe
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/x-beesNativeApp.json
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/x-beesNativeApp.json17ef
Source: wiservice.exe; String found in binary or memory: https://files.wildix.com/integrations/x-beesNativeApp.jsonnt)
Source: wiservice.exe; String found in binary or memory: https://github.com/opencv/opencv/issues/16739
Source: wiservice.exe; String found in binary or memory: https://github.com/opencv/opencv/issues/16739cv::MatOp_AddEx::assign
Source: RegAsm.exe; String found in binary or memory: https://github.com/serilog/serilog/pull/819.
Source: wiservice.exe; String found in binary or memory: https://sectigo.com/CPS0
Source: wiservice.exe; String found in binary or memory: https://sectigupdater.txt
Source: wiservice.exe; String found in binary or memory: https://wildix.atlassian.net/wiki/x/HgfOAQ
Source: wiservice.exe; String found in binary or memory: https://wildix.atlassian.net/wiki/x/HgfOAQ&Send
Source: 3.19.1+SetupWIService.exe, wiservice.exe; String found in binary or memory: https://www.certum.pl/CPS0
Source: RegAsm.exe; String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: RegAsm.exe; String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: wiservice.exe; String found in binary or memory: https://www.wildix.com
Source: wiservice.exe; String found in binary or memory: https://www.wildix.com2015-2025
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown; Network traffic detected: HTTP traffic on port 63157 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 63216 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 63170
Source: unknown; Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 63142
Source: unknown; Network traffic detected: HTTP traffic on port 63142 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 63203 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 63189 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 63176
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 63157
Source: unknown; Network traffic detected: HTTP traffic on port 63176 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 63189
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 63203
Source: unknown; Network traffic detected: HTTP traffic on port 63170 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 63216
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Code function: 0_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Program Files\Wildix\WIService\wiservice.exe; File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\spoolsv.exe; Code function: 29_2_00007FFD9A09DD20: DeviceIoControl
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Program Files\Wildix\WIService\wiservice.exe; File created: C:\Windows\system32\wfaxport.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\unidrv.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\imgprint.gpd
Source: C:\Program Files\Wildix\WIService\wiservice.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\unidrvui.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\unires.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\stdnames.gpd
Source: C:\Program Files\Wildix\WIService\wiservice.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\stddtype.gdl
Source: C:\Program Files\Wildix\WIService\wiservice.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\stdschem.gdl
Source: C:\Program Files\Wildix\WIService\wiservice.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\stdschmx.gdl
Source: C:\Windows\System32\spoolsv.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\3\Old
Source: C:\Windows\System32\spoolsv.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\3\New
Source: C:\Windows\System32\spoolsv.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\3\New\unidrv.dll
Source: C:\Windows\System32\spoolsv.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\3\New\unidrvui.dll
Source: C:\Windows\System32\spoolsv.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\3\New\imgprint.gpd
Source: C:\Windows\System32\spoolsv.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\3\New\unires.dll
Source: C:\Windows\System32\spoolsv.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\3\New\stdnames.gpd
Source: C:\Windows\System32\spoolsv.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\3\New\stddtype.gdl
Source: C:\Windows\System32\spoolsv.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\3\New\stdschem.gdl
Source: C:\Windows\System32\spoolsv.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\3\New\stdschmx.gdl
Source: C:\Windows\System32\spoolsv.exe; File created: C:\Windows\system32\spool\drivers\x64\3\Old\1
Source: C:\Windows\System32\spoolsv.exe; File created: C:\Windows\system32\spool\DRIVERS\x64\3\imgprint.BUD
Source: C:\Windows\System32\spoolsv.exe; File deleted: C:\Windows\System32\spool\drivers\x64\3\Old\1\stddtype.gdl
Source: C:\Windows\System32\spoolsv.exe | Code function: String function: 00007FFD9A0779B0 appears 64 times
Source: UNIRES.DLL.0.dr | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: UNIRES.DLL.0.dr | Static PE information: Resource name: None type: COM executable for DOS
Source: unires.dll.26.dr | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unires.dll.26.dr | Static PE information: Resource name: None type: COM executable for DOS
Source: unires.dll.29.dr | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unires.dll.29.dr | Static PE information: Resource name: None type: COM executable for DOS
Source: UC.dll.0.dr | Static PE information: No import functions for PE file found
Source: unires.dll.26.dr | Static PE information: No import functions for PE file found
Source: UNIRES.DLL.0.dr | Static PE information: No import functions for PE file found
Source: unires.dll.29.dr | Static PE information: No import functions for PE file found
Source: 3.19.1+SetupWIService.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unires.dll.26.dr | Static PE information: Section .rsrc
Source: UNIRES.DLL.0.dr | Static PE information: Section .rsrc
Source: unires.dll.29.dr | Static PE information: Section .rsrc
Source: classification engine | Classification label: mal51.adwa.evad.winEXE@118/94@5/4
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Code function: 0_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Code function: 0_2_004021AA CoCreateInstance
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | File created: C:\Program Files\Wildix
Source: C:\Program Files\Wildix\WIService\wiservice.exe | File created: C:\Users\user\AppData\Roaming\Wildix
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6024:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3460:120:WilError_03
Source: C:\Program Files\Wildix\WIService\wiservice.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.service
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1812:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2676:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3004:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6084:120:WilError_03
Source: C:\Program Files\Wildix\WIService\wiservice.exe | Mutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.dispatcher
Source: C:\Program Files\Wildix\WIService\wiservice.exe | Mutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.watchdog
Source: C:\Program Files\Wildix\WIService\wiservice.exe | Mutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.updater
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1592:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3196:120:WilError_03
Source: C:\Program Files\Wildix\WIService\wiservice.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WIS
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2748:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5804:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Mutant created: NULL
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:424:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6124:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6452:120:WilError_03
Source: C:\Program Files\Wildix\WIService\wiservice.exe | Mutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.svchost
Source: C:\Program Files\Wildix\WIService\wiservice.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.proxyex
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5776:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5228:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7092:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2036:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3160:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3708:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5012:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6052:120:WilError_03
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | File created: C:\Users\user\AppData\Local\Temp\nsq2BF8.tmp
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\explorer.exe
Source: unknown | Process created: C:\Windows\explorer.exe
Source: 3.19.1+SetupWIService.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIService.exe")
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIui.exe")
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wirtpproxy.exe")
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wiservice-ui.exe")
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vncsrv.exe")
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookIntegration.exe")
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookSync32.exe")
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookSync64.exe")
Source: C:\Windows\System32\conhost.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vncsrv.exe")
Source: C:\Windows\System32\conhost.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookSync64.exe")
Source: C:\Windows\System32\conhost.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIService.exe")
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files\Wildix\WIService\wiservice.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp | Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | File read: C:\Users\user\Desktop\3.19.1+SetupWIService.exe
Source: unknown | Process created: C:\Users\user\Desktop\3.19.1+SetupWIService.exe "C:\Users\user\Desktop\3.19.1+SetupWIService.exe"
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter
Source: unknown | Process created: C:\Windows\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe
Source: unknown | Process created: C:\Windows\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: unknown | Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --update
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
Source: unknown | Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc
Source: C:\Program Files\Wildix\WIService\wiservice.exe | Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog
Source: C:\Program Files\Wildix\WIService\wiservice.exe | Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\explorer.exe "C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk"
Source: unknown | Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Windows\explorer.exe | Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --storeMachineId
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\explorer.exe "C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F
Source: unknown | Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /delete /TN "Wildix\WIService update recovery" /F
Source: C:\Windows\explorer.exe | Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService failed update recovery" /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Wildix\WIService\wiservice.exe | Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe | Process created: unknown unknown
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: riched20.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: usp10.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: msls31.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: apphelp.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: hid.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: secur32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: version.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: iphlpapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: userenv.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: wininet.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: wtsapi32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: dwmapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: msi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: mswsock.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: uxtheme.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: msimg32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: sspicli.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: windows.storage.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: wldp.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: dbghelp.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: dbgcore.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: propsys.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: ntmarta.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: profapi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: dsrole.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: ualapi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: winnsi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: rasadhlp.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: localspl.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: spoolss.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: printisolationproxy.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: appmon.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: fxsmon.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: tcpmon.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: snmpapi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: wsnmp32.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: usbmon.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: devobj.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: apmon.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: msxml6.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: drvstore.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: userenv.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: win32spl.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: inetpp.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: prntvpt.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: version.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: winsta.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: wfaxport.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: wldp.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: profapi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: apmon.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: msxml6.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: drvstore.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: userenv.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: win32spl.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: prntvpt.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: version.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: inetpp.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: cscapi.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: ntprint.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: mscms.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: coloradapterclient.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: netutils.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: devrtl.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: spinf.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: winsta.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: version.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: ntprint.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: mscms.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: coloradapterclient.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: netprofm.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: npmproxy.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: printercleanuptask.dll
Source: C:\Windows\System32\spoolsv.exe Section loaded: taskschd.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Section loaded: propsys.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: propsys.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: propsys.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: propsys.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: propsys.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeSection loaded: propsys.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: hid.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: secur32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: version.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: iphlpapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: userenv.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: wininet.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: wtsapi32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: dwmapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: msi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: mswsock.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: uxtheme.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: msimg32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: sspicli.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: windows.storage.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: wldp.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: profapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: dbghelp.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: dbgcore.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: dnsapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: rasadhlp.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\netsh.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\netsh.exe Section loaded: ifmon.dll
Source: C:\Windows\System32\netsh.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\netsh.exe Section loaded: mprapi.dll
Source: C:\Windows\System32\netsh.exe Section loaded: rasmontr.dll
Source: C:\Windows\System32\netsh.exe Section loaded: rasapi32.dll
Source: C:\Windows\System32\netsh.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\netsh.exe Section loaded: rasman.dll
Source: C:\Windows\System32\netsh.exe Section loaded: mfc42u.dll
Source: C:\Windows\System32\netsh.exe Section loaded: rasman.dll
Source: C:\Windows\System32\netsh.exe Section loaded: authfwcfg.dll
Source: C:\Windows\System32\netsh.exe Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\System32\netsh.exe Section loaded: firewallapi.dll
Source: C:\Windows\System32\netsh.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\netsh.exe Section loaded: fwbase.dll
Source: C:\Windows\System32\netsh.exe Section loaded: dhcpcmonitor.dll
Source: C:\Windows\System32\netsh.exe Section loaded: dot3cfg.dll
Source: C:\Windows\System32\netsh.exe Section loaded: dot3api.dll
Source: C:\Windows\System32\netsh.exe Section loaded: onex.dll
Source: C:\Windows\System32\netsh.exe Section loaded: eappcfg.dll
Source: C:\Windows\System32\netsh.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\netsh.exe Section loaded: eappprxy.dll
Source: C:\Windows\System32\netsh.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\netsh.exe Section loaded: fwcfg.dll
Source: C:\Windows\System32\netsh.exe Section loaded: hnetmon.dll
Source: C:\Windows\System32\netsh.exe Section loaded: netshell.dll
Source: C:\Windows\System32\netsh.exe Section loaded: nlaapi.dll
Source: C:\Windows\System32\netsh.exe Section loaded: netsetupapi.dll
Source: C:\Windows\System32\netsh.exe Section loaded: netiohlp.dll
Source: C:\Windows\System32\netsh.exe Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\netsh.exe Section loaded: winnsi.dll
Source: C:\Windows\System32\netsh.exe Section loaded: nettrace.dll
Source: C:\Windows\System32\netsh.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\netsh.exe Section loaded: nshhttp.dll
Source: C:\Windows\System32\netsh.exe Section loaded: httpapi.dll
Source: C:\Windows\System32\netsh.exe Section loaded: nshipsec.dll
Source: C:\Windows\System32\netsh.exe Section loaded: userenv.dll
Source: C:\Windows\System32\netsh.exe Section loaded: activeds.dll
Source: C:\Windows\System32\netsh.exe Section loaded: polstore.dll
Source: C:\Windows\System32\netsh.exe Section loaded: winipsec.dll
Source: C:\Windows\System32\netsh.exe Section loaded: adsldpc.dll
Source: C:\Windows\System32\netsh.exe Section loaded: nshwfp.dll
Source: C:\Windows\System32\netsh.exe Section loaded: cabinet.dll
Source: C:\Windows\System32\netsh.exe Section loaded: p2pnetsh.dll
Source: C:\Windows\System32\netsh.exe Section loaded: p2p.dll
Source: C:\Windows\System32\netsh.exe Section loaded: profapi.dll
Source: C:\Windows\System32\netsh.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\netsh.exe Section loaded: rpcnsh.dll
Source: C:\Windows\System32\netsh.exe Section loaded: wcnnetsh.dll
Source: C:\Windows\System32\netsh.exe Section loaded: wlanapi.dll
Source: C:\Windows\System32\netsh.exe Section loaded: whhelper.dll
Source: C:\Windows\System32\netsh.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\netsh.exe Section loaded: wlancfg.dll
Source: C:\Windows\System32\netsh.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\netsh.exe Section loaded: wshelper.dll
Source: C:\Windows\System32\netsh.exe Section loaded: wevtapi.dll
Source: C:\Windows\System32\netsh.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\netsh.exe Section loaded: wwancfg.dll
Source: C:\Windows\System32\netsh.exe Section loaded: wwapi.dll
Source: C:\Windows\System32\netsh.exe Section loaded: wcmapi.dll
Source: C:\Windows\System32\netsh.exe Section loaded: rmclient.dll
Source: C:\Windows\System32\netsh.exe Section loaded: mobilenetworking.dll
Source: C:\Windows\System32\netsh.exe Section loaded: peerdistsh.dll
Source: C:\Windows\System32\netsh.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\netsh.exe Section loaded: slc.dll
Source: C:\Windows\System32\netsh.exe Section loaded: sppc.dll
Source: C:\Windows\System32\netsh.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\netsh.exe Section loaded: ktmw32.dll
Source: C:\Windows\System32\netsh.exe Section loaded: mprmsg.dll
Source: C:\Windows\System32\netsh.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\netsh.exe Section loaded: wldp.dll
Source: C:\Windows\System32\netsh.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Uninstall.lnk.0.dr LNK file: ..\..\..\..\..\..\..\Program Files\Wildix\WIService\UninstallWIService.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\Wildix.AddIn
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\wildix.ico
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\wiservice.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\x-bees.ico
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\imgprint.gpd
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDDTYPE.GDL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDNAMES.GPD
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHEM.GDL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHMX.GDL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.HLP
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtBase0x5e2f.dfu
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtHeadset0x5e2f.dfu
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\resources
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\resources\cdr.db
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Office.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Serilog.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\UC.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\websocket-sharp.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\wildix-oi.ico
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll.manifest
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.vsto
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe.config
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\dotnet-dump.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\UninstallWIService.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Directory created: C:\Program Files\Wildix\WIService\proxyex.lnk
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIService
Source: 3.19.1+SetupWIService.exe Static PE information: certificate valid
Source: 3.19.1+SetupWIService.exe Static file information: File size 25539800 > 1048576
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File opened: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: 3.19.1+SetupWIService.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\fax\wfaxport.pdb source: wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\asn1\x_info.ccrypto\pem\pem_info.ccrypto\ocsp\ocsp_lib.c0 source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\fax\wfaxport.pdbv source: wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: RegAsm.exe, 00000025.00000002.2325686984.00000171E1472000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\wiservice.pdb: source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdbw{ source: RegAsm.exe, 0000002B.00000002.2345369794.0000026131A82000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\projects\serilog\src\Serilog\obj\Release\net46\Serilog.pdb source: RegAsm.exe, 00000027.00000002.2331786678.0000017ACC722000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdb source: RegAsm.exe, 0000002B.00000002.2345369794.0000026131A82000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: unidrv.pdb source: wiservice.exe, 0000001A.00000003.2193805770.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\wiservice.pdb source: wiservice.exe, 0000001A.00000000.2179606923.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\projects\serilog-sinks-console\src\Serilog.Sinks.Console\obj\Release\net45\Serilog.Sinks.Console.pdbP source: RegAsm.exe, 00000029.00000002.2339635579.0000015A3FF12000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256^Y source: RegAsm.exe, 00000025.00000002.2325686984.00000171E1472000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\projects\serilog-sinks-console\src\Serilog.Sinks.Console\obj\Release\net45\Serilog.Sinks.Console.pdb source: RegAsm.exe, 00000029.00000002.2339635579.0000015A3FF12000.00000002.00000001.01000000.0000000D.sdmp
Source: Newtonsoft.Json.dll.0.dr Static PE information: 0xDFF1C7F1 [Fri Jan 21 16:48:49 2089 UTC]
Source: wfaxport.dll.0.dr Static PE information: section name: _RDATA
Source: wiservice.exe.0.dr Static PE information: section name: _RDATA
Source: WildixOutlookSync64.exe.0.dr Static PE information: section name: _RDATA
Source: wfaxport.dll.26.dr Static PE information: section name: _RDATA
Source: C:\Windows\System32\spoolsv.exe Code function: 29_2_00007FFD9A081402 push rbp; iretd 29_2_00007FFD9A081403
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 33_2_00007FFD3473845E push eax; ret 33_2_00007FFD3473846D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 33_2_00007FFD34737C5E push eax; retf 33_2_00007FFD34737C6D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 33_2_00007FFD34737C50 pushad ; retf 33_2_00007FFD34737C5D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 33_2_00007FFD3473844E pushad ; ret 33_2_00007FFD3473845D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 35_2_00007FFD346800BD pushad ; iretd 35_2_00007FFD346800C1
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 35_2_00007FFD3474845E push eax; ret 35_2_00007FFD3474846D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 35_2_00007FFD3474782E pushad ; iretd 35_2_00007FFD3474785D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 35_2_00007FFD3474785E push eax; iretd 35_2_00007FFD3474786D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 35_2_00007FFD347460AA pushad ; ret 35_2_00007FFD347460AB
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 35_2_00007FFD3474842E pushad ; ret 35_2_00007FFD3474845D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 41_2_00007FFD346900BD pushad ; iretd 41_2_00007FFD346900C1
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 43_2_00007FFD346B00BD pushad ; iretd 43_2_00007FFD346B00C1
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 45_2_00007FFD346900BD pushad ; iretd 45_2_00007FFD346900C1
Source: msvcrt.dll.0.dr Static PE information: section name: .text entropy: 6.892055007396566
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\UninstallWIService.exe
Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\System32\spool\drivers\x64\unidrvui.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll
Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\System32\spool\drivers\x64\3\New\unires.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Office.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe
Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\System32\spool\drivers\x64\3\New\unidrv.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\System.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\nsExec.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\System32\spool\drivers\x64\unires.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll
Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy)
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\System32\wfaxport.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\dotnet-dump.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\UC.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\wiservice.exe
Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\System32\spool\drivers\x64\3\New\unidrvui.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe File created: C:\Windows\System32\spool\drivers\x64\unidrv.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\websocket-sharp.dll
Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\system32\spool\drivers\x64\3\unidrv.dll (copy)
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
Source: C:\Windows\System32\spoolsv.exe File created: C:\Windows\system32\spool\drivers\x64\3\unidrvui.dll (copy)
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\Serilog.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\nsDialogs.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe File created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\spool\drivers\x64\unidrvui.dllJump to dropped file
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\System32\spool\drivers\x64\3\New\unires.dllJump to dropped file
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\System32\spool\drivers\x64\3\New\unidrv.dllJump to dropped file

Boot Survival

Source: C:\Program Files\Wildix\WIService\wiservice.exe; Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WIService.wildix\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService\Uninstall.lnk
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WIService
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\spoolsv.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\schtasks.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: OutputDebugStringW count: 203
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 23038360000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 23051DB0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 20AB8850000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 20AD2010000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 1B22D540000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 1B2470D0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 171C7290000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 171E0DB0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 17ACAE10000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 17AE47E0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 15A3FC70000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 15A59830000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 26117B90000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 26131310000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 1E4ED730000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 1E4EF170000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 31_2_00007FFD348F0088 rdtsc 31_2_00007FFD348F0088
Source: C:\Program Files\Wildix\WIService\wiservice.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Window / User API: threadDelayed 384
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Window / User API: threadDelayed 450
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Window / User API: threadDelayed 446
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Window / User API: threadDelayed 748
Source: C:\Program Files\Wildix\WIService\wiservice.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\unidrvui.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\UninstallWIService.exe
Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\3\New\unires.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Office.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe
Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\3\New\unidrv.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\System.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\nsExec.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\unires.dll
Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy)
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\dotnet-dump.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\UC.dll
Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\3\New\unidrvui.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\unidrv.dll
Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\system32\spool\drivers\x64\3\unidrv.dll (copy)
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\websocket-sharp.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\system32\spool\drivers\x64\3\unidrvui.dll (copy)
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Serilog.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\nsDialogs.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: C:\Windows\System32\spoolsv.exe API coverage: 6.0 %
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 5868 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 6672 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5960 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 6664 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5860 Thread sleep count: 160 > 30
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 1492 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 6108 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 2232 Thread sleep count: 450 > 30
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 4480 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 2188 Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 1208 Thread sleep count: 446 > 30
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 1208 Thread sleep count: 748 > 30
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 4372 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5724 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 2740 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5388 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 4188 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 4832 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 5036 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 2436 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 4540 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 2296 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 644 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 7572 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 2632 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Code function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Code function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Windows\System32\spoolsv.exe Code function: 29_2_00007FFD9A0505D0 FindFirstFileW,FindClose,_invalid_parameter_noinfo_noreturn,29_2_00007FFD9A0505D0
Source: wiservice.exe, 0000003C.00000002.3366830553.0000018344F24000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll[[H
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2477711974.00000000005AF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: wiservice.exe, 00000039.00000003.2379217531.000001E90CAF4000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000039.00000002.2380383762.000001E90CAF8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000039.00000003.2379330341.000001E90CAF5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllFW
Source: wiservice.exe, 0000001A.00000003.2237520122.0000021E3E8CF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001B.00000003.2191127274.00000000010A8000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001B.00000003.2190891927.00000000010A3000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3366095804.00000000012CE000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000002.2402652719.0000027343FFB000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2400517210.0000020B137F3000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2400780393.0000020B137F4000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2400878157.0000020B137FA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: wiservice.exe, 0000003E.00000002.3367535180.000001A7B647D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllcc
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe API call chain: ExitProcess graph end node graph_0-3636
Source: C:\Program Files\Wildix\WIService\wiservice.exe Process information queried: ProcessInformation
Source: C:\Windows\System32\spoolsv.exe Code function: 29_2_00007FFD9A0BF214 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,29_2_00007FFD9A0BF214
Source: C:\Windows\System32\spoolsv.exe Code function: 29_2_00007FFD9A0A50E0 GetProcessHeap,HeapAlloc,std::bad_alloc::bad_alloc,29_2_00007FFD9A0A50E0
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\spoolsv.exeCode function: 29_2_00007FFD9A0A01B8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,29_2_00007FFD9A0A01B8
Source: C:\Windows\System32\spoolsv.exeCode function: 29_2_00007FFD9A0BF214 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,29_2_00007FFD9A0BF214
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeMemory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files\Wildix\WIService\wiservice.exe File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService failed update recovery" /F
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /delete /TN "Wildix\WIService update recovery" /F
Source: C:\Windows\System32\cmd.exe Process created: unknown unknown
Source: C:\Windows\System32\spoolsv.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,29_2_00007FFD9A0DFB24
Source: C:\Windows\System32\spoolsv.exe Code function: GetLocaleInfoW,29_2_00007FFD9A0D3BD4
Source: C:\Windows\System32\spoolsv.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,29_2_00007FFD9A0DFD08
Source: C:\Windows\System32\spoolsv.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,29_2_00007FFD9A0DF2C0
Source: C:\Windows\System32\spoolsv.exe Code function: EnumSystemLocalesW,29_2_00007FFD9A0D3694
Source: C:\Windows\System32\spoolsv.exe Code function: EnumSystemLocalesW,29_2_00007FFD9A0DF6EC
Source: C:\Windows\System32\spoolsv.exe Code function: GetLocaleInfoEx,29_2_00007FFD9A09A80C
Source: C:\Windows\System32\spoolsv.exe Code function: EnumSystemLocalesW,29_2_00007FFD9A0DF61C
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\15.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\office\15.0.0.0__71e9bce111e9429c\OFFICE.DLL VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Program Files\Wildix\WIService\Office.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Program Files\Wildix\WIService\Serilog.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Queries volume information: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe VolumeInformation
Source: C:\Windows\System32\netsh.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\Wildix\WIService\wiservice.exe Queries volume information: C:\Program Files\Wildix VolumeInformation
Source: C:\Windows\System32\spoolsv.exe Code function: 29_2_00007FFD9A0A0CF8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,29_2_00007FFD9A0A0CF8
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Program Files\Wildix\WIService\wiservice.exe File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"

[Table: techniques by tactic. Columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]

[Figure: Behavior graph. ID: 1590155, Sample: 3.19.1+SetupWIService.exe, Startdate: 13/01/2025, Architecture: WINDOWS, Score: 51]

Source | Detection | Scanner | Label | Link
3.19.1+SetupWIService.exe | 0% | Virustotal | | Browse
3.19.1+SetupWIService.exe | 0% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\Office.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\Serilog.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\UC.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\UninstallWIService.exe | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe | 3% | ReversingLabs | |
C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\dotnet-dump.exe | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\fax\UNIRES.DLL | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\fax\wfaxport.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\websocket-sharp.dll | 0% | ReversingLabs | |
C:\Program Files\Wildix\WIService\wiservice.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\System.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\nsDialogs.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\nsExec.dll | 0% | ReversingLabs | |
C:\Windows\System32\spool\drivers\x64\3\New\unidrv.dll | 0% | ReversingLabs | |
C:\Windows\System32\spool\drivers\x64\3\New\unidrvui.dll | 0% | ReversingLabs | |
C:\Windows\System32\spool\drivers\x64\3\New\unires.dll | 0% | ReversingLabs | |
C:\Windows\System32\spool\drivers\x64\unidrv.dll | 0% | ReversingLabs | |
C:\Windows\System32\spool\drivers\x64\unidrvui.dll | 0% | ReversingLabs | |
C:\Windows\System32\spool\drivers\x64\unires.dll | 0% | ReversingLabs | |
C:\Windows\System32\wfaxport.dll | 0% | ReversingLabs | |
C:\Windows\system32\spool\drivers\x64\3\unidrv.dll (copy) | 0% | ReversingLabs | |
C:\Windows\system32\spool\drivers\x64\3\unidrvui.dll (copy) | 0% | ReversingLabs | |
C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy) | 0% | ReversingLabs | |

No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
Name | IP | Active | Malicious | Antivirus Detection | Reputation
files.wildix.com | 18.173.205.52 | true | false | | unknown
feedback.wildix.com | 52.58.254.151 | true | false | | high
18.31.95.13.in-addr.arpa | unknown | unknown | false | | high
crt.sectigo.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://files.wildix.com/integrations/applications.json | false | Avira URL Cloud: safe | unknown
https://files.wildix.com/integrations/integrations.json | false | Avira URL Cloud: safe | unknown
https://feedback.wildix.com/api/v1/Analytics/wiservice | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                            high
                                                            http://crl.certum.pl/ctnca.crl0k3.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.2193805770.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194129874.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194368140.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3368694671.0000000002442000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000002.3368694671.000000000243A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001D.00000003.2231867064.000000000243B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              http://ocsp.sectigo.com09wiservice.exe, 0000003E.00000003.3216004200.000001A7B6F0C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2607370390.000001A7B6F04000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2606573232.000001A7B654B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3215587772.000001A7B6F0C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3013635939.000001A7B6F2C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000002.3368375920.000001A7B6F00000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3215587772.000001A7B6F08000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3013291874.000001A7B6F04000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2810299913.000001A7B6F04000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3013441140.000001A7B6511000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3013212612.000001A7B654B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2606502843.000001A7B6F0D000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3105730626.000001A7B6513000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2810824456.000001A7B6F14000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2607752321.000001A7B6F0E000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2607471026.000001A7B654B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3216004200.000001A7B6F11000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.3013291874.000001A7B6F2C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 
0000003E.00000003.3215587772.000001A7B6F11000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2607370390.000001A7B6F0D000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2810299913.000001A7B6F11000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://files.wildix.com/integrations/integrations.jsonrviwiservice.exe, 0000003B.00000002.2401993199.0000020B137B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.gimp.orggwiservice.exe, 0000001A.00000000.2179606923.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000001A.00000002.2241007801.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000000.2358684149.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000000.2370256148.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2404976091.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.3370811302.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000002.3371371353.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://backtrace.wildix.com/api/v1/IntegrationService/Trace/9wiservice.exe, 0000003B.00000002.2401993199.0000020B137B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://cevcsca2021.crl.certum.pl/cevcsca2021.crl0w3.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.2193805770.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194129874.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194368140.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                http://nsis.sf.net/NSIS_ErrorError3.19.1+SetupWIService.exe, 00000000.00000000.2105391633.000000000040A000.00000008.00000001.01000000.00000003.sdmp, 3.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                  high
                                                                  http://ocsp.sectigo.comwiservice.exe, 0000003F.00000002.3366922849.000001E7DEDC4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://curl.se/docs/alt-svc.htmlwiservice.exe, 0000001A.00000000.2179606923.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000001A.00000002.2241007801.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000000.2358684149.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000000.2370256148.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2404976091.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.3370811302.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000002.3371371353.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                      high
                                                                      https://www.certum.pl/CPS03.19.1+SetupWIService.exe, 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.2193805770.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194129874.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2193595780.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000001A.00000003.2194368140.0000021E3E92A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://files.wildix.com/integrations/x-beesNativeApp.json17efwiservice.exe, 00000032.00000002.2402652719.0000027344063000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://james.newtonking.com/projects/jsonRegAsm.exe, 00000025.00000002.2325686984.00000171E1472000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                                          high
                                                                          https://chrome.google.com/webstore/detail/wildix-collaboration/lobgohpoobpijgfegnlhdnppegdbomknwiservice.exe, 00000032.00000003.2393499547.0000027344077000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000003.2376081815.000002734407B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000003.2376081815.0000027344090000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000003.2376492508.000002734408D000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000002.2402652719.0000027344063000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000003.2375828036.000002734408F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://files.wildix.com/integrations/integrations.jsonviwiservice.exe, 0000003C.00000002.3366830553.0000018344F0D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://feedback.wildix.com/api/v1/Analytics/wiserviceevent=unknownEventevent=data&wiservice.exe, 0000001A.00000000.2179606923.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F341000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                              high
                                                                              https://www.wildix.com2015-2025wiservice.exe, 0000001A.00000000.2179606923.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F341000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://files.wildix.com/integrations/x-beesNativeApp.jsonwiservice.exe, 00000032.00000002.2402652719.0000027344063000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000002.2402652719.0000027344078000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://chrome.google..wiservice.exe, 00000032.00000003.2393499547.0000027344077000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://files.wildix.com/integrations/win/tapi/WildixTAPI.exewiservice.exe, 00000032.00000003.2376081815.0000027344090000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000002.2402652719.0000027344063000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000003.2375828036.000002734408F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://jimmac.musichall.czwiservice.exe, 0000001A.00000000.2179606923.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000001A.00000002.2241007801.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000000.2358684149.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000000.2370256148.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2404976091.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000002.3370811302.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000002.3371371353.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F1E8000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://www.newtonsoft.com/jsonschemaRegAsm.exe, 00000025.00000002.2325686984.00000171E1472000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                                                high
                                                                                https://sectigupdater.txtwiservice.exe, 0000003F.00000002.3368798627.000001E7DF901000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000003.3063559674.000001E7DF901000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://www.nuget.org/packages/Newtonsoft.Json.BsonRegAsm.exe, 00000025.00000002.2325686984.00000171E1472000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                                                  high
                                                                                  https://files.wildix.com/integrations/osx/collaboration/Collaboration.pkgwiservice.exe, 00000032.00000003.2393499547.0000027344077000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000002.2402652719.0000027344078000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000032.00000003.2389784848.00000273440B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://github.com/opencv/opencv/issues/16739cv::MatOp_AddEx::assignwiservice.exe, 0000001A.00000000.2179606923.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F341000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                    high
                                                                                    https://feedback.wildix.com/api/v1/Feedback/Wiserviceemailothersizestypemessagecontextfeedback.zipPrwiservice.exe, 0000001A.00000000.2179606923.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000032.00000002.2406418580.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000039.00000002.2382063409.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2385271678.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003C.00000000.2396505619.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2403011445.00007FF76F341000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3372166129.00007FF76F341000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                      high
                                                                                      https://files.wildix.com/integrwiservice.exe, 00000032.00000002.2402652719.000002734409E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
IP | Domain | Country | ASN | ASN Name | Malicious
18.173.205.52 | files.wildix.com | United States | 3 | MIT-GATEWAYSUS | false
52.58.254.151 | feedback.wildix.com | United States | 16509 | AMAZON-02US | false
18.173.205.94 | unknown | United States | 3 | MIT-GATEWAYSUS | false
                                                                                      IP
                                                                                      127.0.0.1
                                                                                      Joe Sandbox version:42.0.0 Malachite
                                                                                      Analysis ID:1590155
                                                                                      Start date and time:2025-01-13 17:02:28 +01:00
                                                                                      Joe Sandbox product:CloudBasic
                                                                                      Overall analysis duration:0h 11m 24s
                                                                                      Hypervisor based Inspection enabled:false
                                                                                      Report type:full
                                                                                      Cookbook file name:default.jbs
                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                      Number of analysed new started processes analysed:76
                                                                                      Number of new started drivers analysed:0
                                                                                      Number of existing processes analysed:0
                                                                                      Number of existing drivers analysed:0
                                                                                      Number of injected processes analysed:0
                                                                                      Technologies:
                                                                                      • HCA enabled
                                                                                      • EGA enabled
                                                                                      • AMSI enabled
                                                                                      Analysis Mode:default
                                                                                      Analysis stop reason:Timeout
                                                                                      Sample name:3.19.1+SetupWIService.exe
                                                                                      Detection:MAL
                                                                                      Classification:mal51.adwa.evad.winEXE@118/94@5/4
                                                                                      EGA Information:
                                                                                      • Successful, ratio: 20%
                                                                                      HCA Information:
                                                                                      • Successful, ratio: 96%
                                                                                      • Number of executed functions: 140
                                                                                      • Number of non-executed functions: 179
                                                                                      Cookbook Comments:
                                                                                      • Found application associated with file extension: .exe
                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
                                                                                      • Excluded IPs from analysis (whitelisted): 52.109.32.97, 172.64.149.23, 104.18.38.233, 52.113.194.132, 13.107.253.45, 4.245.163.56, 13.95.31.18, 20.109.210.53, 172.202.163.200, 2.23.242.162
                                                                                      • Excluded domains from analysis (whitelisted): ecs.office.com, fs.microsoft.com, crt.comodoca.com.cdn.cloudflare.net, otelrules.azureedge.net, slscr.update.microsoft.com, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, crt.comodoca.com, ocsp.digicert.com, s-0005.s-msedge.net, config.officeapps.live.com, crt.usertrust.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, ukw-azsc-config.officeapps.live.com, europe.configsvc1.live.com.akadns.net
                                                                                      • Execution Graph export aborted for target RegAsm.exe, PID 2724 because it is empty
                                                                                      • Execution Graph export aborted for target RegAsm.exe, PID 3220 because it is empty
                                                                                      • Execution Graph export aborted for target RegAsm.exe, PID 4584 because it is empty
                                                                                      • Execution Graph export aborted for target RegAsm.exe, PID 4776 because it is empty
                                                                                      • Execution Graph export aborted for target RegAsm.exe, PID 5760 because it is empty
                                                                                      • Execution Graph export aborted for target RegAsm.exe, PID 6260 because it is empty
                                                                                      • Execution Graph export aborted for target RegAsm.exe, PID 644 because it is empty
                                                                                      • Execution Graph export aborted for target RegAsm.exe, PID 6484 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
11:03:33 | API Interceptor | 20x Sleep call for process: RegAsm.exe modified
17:03:42 | Task Scheduler | Run new task: WIService update checker path: C:\Program Files\Wildix\WIService\wiservice.exe s>--update
17:03:46 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run WIService C:\Program Files\Wildix\WIService\WIService.exe
                                                                                                            No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll | file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip | Get hash | malicious | Unknown | Browse |
C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll | file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip | Get hash | malicious | Unknown | Browse |
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1691760
                                                                                                                Entropy (8bit):6.377248011693859
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:49152:W0H28oc49lxvVtv4nZ70XYvHPhqkWHZC8l/Ia0dpZu4MRk:09wn10/k
                                                                                                                MD5:AC174E068FA99EA6B346353BA69757CE
                                                                                                                SHA1:CD1A42D84C18E8473FBEC6A6A3AC731DBB1FCC9B
                                                                                                                SHA-256:19C680C1691BA446F2751B79355F2EF7206BBDA3684B058370F26FD2A82F5D6B
                                                                                                                SHA-512:E9B0249979ABE566651CDC14F3C18A93B5B8C5C4C45E97FDB7A39D828A7FE930FEE8F1EE7B0A50A5213B4C2B0727E7C07FA5EF591FA80F555D6654CADD5B9BBD
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Joe Sandbox View:
• Filename: file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip, Detection: malicious
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):985712
                                                                                                                Entropy (8bit):5.551919340566682
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24576:OmPj0ZKH4lODcxSgo5Gn8WuMRIn+N3gN+zs5KPIVmkXiGzcJy3gt2LER6GvK9Hw1:Omb0ZKH4lODcxSgo5Gn8WuMRIn+N3gNw
                                                                                                                MD5:390B04A388FFD833D4E93ED4153AE58D
                                                                                                                SHA1:1D21644C16772988DD817B40E3886585BBB2D4B2
                                                                                                                SHA-256:BB0E790F27DCBEC3B0DCB9F01F27A38C3D2D1F775538C6CFBF9883795F38EFF2
                                                                                                                SHA-512:2FD5E8435110FD10DA4B17496377D619C249A11CEFDF4B01796029BB4A24E6A13EAA133158D250C9CC3C7BC9DBECA42BCE09F5AB3523B415A54F9461F3E5BA2A
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Joe Sandbox View:
• Filename: file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip, Detection: malicious
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):37488
                                                                                                                Entropy (8bit):6.42379201827549
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:PwJTwYB4E5n/xe5arr82ADib6kysSoQuSW:YJYE55e5mr8tOb6k1L7SW
                                                                                                                MD5:D332E42FFA4175720FBC2AA4AC4C57E3
                                                                                                                SHA1:4148438DBD61126A5B223409E6FF49F8F838362C
                                                                                                                SHA-256:9B070077A44937BEF43C386D4A89051300BC4FAA50C115A1D10FDBB052B66CA8
                                                                                                                SHA-512:EB3C246EE059B94CE994B301486117AF1C06B7995FE107EC7F6A9CF0465A8BBFD45D46BCCF87623644BB9C4E345E141BC0F1BDA1FF8FC8D73CE255EEAC0FEA8D
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):53872
                                                                                                                Entropy (8bit):6.209840303982636
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:N7vV5z3+6KTqUPtLnPDiQ0fWST41mocNAwkEGjhl2BOBaBnD/4xFsO282ADib6U2:xVs6c3d28tOb6UT1L7SF
                                                                                                                MD5:D454D5F84DD74C88DE630BA148470B43
                                                                                                                SHA1:C2CB551054DF4EEE747783450BD5A79E711774B1
                                                                                                                SHA-256:D4C2959CC59021EC109C0546AB6B44C9D62FE34F8648FA2E82693B6F6FDB9717
                                                                                                                SHA-512:D30B2E6B7A1908FE80D5B52CC349D0BC128DBD807413AF3303626DC9758C11A3FA58E99E3A368C284C7B9573C06A7DD6B1228C398B1E1D84C1AEAD545713FD08
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):483440
                                                                                                                Entropy (8bit):5.88808533617672
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:Ma9ps9y+hl8hyfItfqNWtkT4yzIDUCEheLQta3spminCi5W3EKjWFY4A7+BkvCZ/:Ma9ps9y+hl8hyfItfqNWtkT4yzIDUCEf
                                                                                                                MD5:3A1269C0A167AC4D9A444A6123F62647
                                                                                                                SHA1:578575D8D7A073EF2AE8AF7DE65558ECC0FC0F99
                                                                                                                SHA-256:ABC3A0B4FE5DB6717ED3D1BED438BACF053000BCA6C75DD8BE0047D776CEBB20
                                                                                                                SHA-512:63DA1B64A5AFFF89A7031470EB3F08ABA8F4EE381025777EBBD5EA6404F68C92A998169C8B0B21DB3495CDF6A63AC836154C348DDD7D469EAACE293FD0A0482D
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):703088
                                                                                                                Entropy (8bit):5.944616866544071
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:Rf9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cHQYa:ZXNL2PVh6B+BzjmcwYa
                                                                                                                MD5:D3E0B67E13A5705481C6CA3C7193E7CF
                                                                                                                SHA1:41EE7FAA47F8FBBC025170B5D137E11F4475922E
                                                                                                                SHA-256:F0A7EAAABC1D4D46F45646C9676136377DD72FEFE0365DE51CC7A0CD048AA8C0
                                                                                                                SHA-512:6087C957A49F5472F3D77D4F3B4114C536A5777C03AE33223835698AD3C2865CE3BB2F8FF8DB1CD0DF49FB7CF73FA61B4DFA849430295E82B3D82601E1B66E95
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):420464
                                                                                                                Entropy (8bit):5.859763778856411
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:no4vyP2a+zKZsxgkE0PTpFh/2f7rvmcyjlSjnqgy:no4vyP2a+zKZsDr52f7rvty
                                                                                                                MD5:5759B4F594B5D6B05CDF7D3818A41CF8
                                                                                                                SHA1:63F4C42A3E3279F918991886DF6C53A5121C6D9B
                                                                                                                SHA-256:E31181E899F6A109B782D20D6A77392D3F8A4C945D818861D9DC0ACB3B67D477
                                                                                                                SHA-512:D53609028B3495DAA23C370ECD65500CB7F636A9950E7C54970CBA79A0C38DC6C81CBCC44C97392EA5B33F581C243D2C0A268E08ADFAF1D1EFA2746FC120089C
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):43120
                                                                                                                Entropy (8bit):6.314942767785965
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:Dx+pe4L10ajxHJl7u4WHjWZ82ADib6IysSoQuSKhE:1K0ajRu4WKZ8tOb6I1L7SKhE
                                                                                                                MD5:2BFDFE0FB1AA5E9B398C49BB006B92A9
                                                                                                                SHA1:5AABCCBC39F240DEEB048FCB4A7D636D787E4E34
                                                                                                                SHA-256:BF0DC8C853201F9AC9E8B5A9696C24C46DCD9B8AE20CA5744B5B11574E175156
                                                                                                                SHA-512:71E937DDDCF890661819A80679B62CC16912A713EE13F26DD9AB0E05438A680E4925AFBFDEEDC3409F908512F6AF34DC33C552A50A90C6C9321D285A851C6244
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):17520
                                                                                                                Entropy (8bit):6.83969555329617
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:XrDJKl99Xk8jr8VSurQ2ADir/6rDzhW5w56SofousWu4qi7:Xr20L82ADib6dWysSoQuS2
                                                                                                                MD5:9F018137CCC7684C1922C8D8FA7BA364
                                                                                                                SHA1:E2C26A5BE58B2511043F918939B40134428A4E7A
                                                                                                                SHA-256:7F1D68C22394D54159E918B089CF721DC0F5EF5BD2E9699ED135945ED20E020F
                                                                                                                SHA-512:713C6D48BB186326492FF1466810FF7E270719F5A9A755C4BF84BC66679587223EA9973842EB3D719E2A5B564F488CDE34E39BB5286DBAD428E26E8EA7ED800C
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):36976
                                                                                                                Entropy (8bit):6.423492405586302
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:F2IVwX/kpnTXMcTWpHdD2JRrcfwcyT82ADib6jysSoQuSt:/wXcpnTXMwWmJRXVT8tOb6j1L7St
                                                                                                                MD5:F632DC6A8B6A9D34F1A24B39475965E2
                                                                                                                SHA1:44F478B7B76F9B23E5E78D25157BF58FE675A223
                                                                                                                SHA-256:7B10A8C77CE1BA7B68ED742590031BACEC6EEA9641AB0AD2F0DDA40BF7D05C61
                                                                                                                SHA-512:6B54ACBD0C5510EABCABE475011E14DA71C096A2F4E4235C605283D9E87903F202C94D3F24006DBC67C143064212CF80D545362C73B7E903AF607A9207666DBC
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):130672
                                                                                                                Entropy (8bit):6.183884930918232
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:Gy8BcjSMkNtSR4rkA4Nqnv/BZ8OQNZMpWovqnSOD1fSr:jPSMkNtS6rzH7H+y2e
                                                                                                                MD5:381D1F6EAC3487FB809F4A67B20BBFC0
                                                                                                                SHA1:7AE67391144F1C3BDDB739F89499E4DFC2E01561
                                                                                                                SHA-256:CEA976F7B2AD44B80CAABCD2E2E443D4A58BB31839C6E12F68E49234FDCFD121
                                                                                                                SHA-512:A702FC408F953B96E5BFFAAB5953E08FF7F4215A6A87BA94E283EEB6D1E87BD79D34D8421ECD98180844BB037553F958D4E9B71900A085C3B62757BD848CDD74
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):461424
                                                                                                                Entropy (8bit):5.25726869136666
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:mw/0k3XAYWQuyOGiUpXWFgXFQIY0EH7+0BJmmDAvQNRplhxy6woW0nFTF9YvORIg:L8KXAy7qy6EOdgQ
                                                                                                                MD5:6CD6DE9E328D4FDDBD0E3D5673369C3B
                                                                                                                SHA1:0A0915D6B89CAEF5A9D8D170089ABEBEAF6A183C
                                                                                                                SHA-256:5282E7BD01BD8C7A29E418E9F9EA7559A1A6E9F4CA3311399DC957296CEF5FF4
                                                                                                                SHA-512:53B1D121698D22A821093F88A5D1270A8243D7CDC836AF338045562363C0C2AFA222D925B6FFD89C238B0775A6F946F539431FC46E9964CE2D382BE9434D2752
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Preview: PE file (MZ header, "This program cannot be run in DOS mode"); embedded PDB path: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\oi_release\UC.pdb
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                Category:dropped
                                                                                                                Size (bytes):162168
                                                                                                                Entropy (8bit):7.073455164608616
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:ZbG7N2kDTHUpoub7G1GFkTvQnKKjRCCDgqqAuKF5s34FEbfPzSzz1fSJ:ZbE/HUzi1GF9n6fqjup34GbfWdM
                                                                                                                MD5:4D27F2943AD5052773E7741645B23DD6
                                                                                                                SHA1:61B2A58C06C45A5682A24C32E4317EE07C685CFC
                                                                                                                SHA-256:802AEB611760C67B68BE019480F65F8EA7BAC6CC30BC89D840DF895A7C3DA55F
                                                                                                                SHA-512:85C5CA1FAF19A1168932C1C7259314A276ACBDDBD6F60BF5B9A89DEFE8440FDDB21E9EC9C04C1EC1F03FF3951162B20059C8A7218D72933872824A2367641B6E
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):397424
                                                                                                                Entropy (8bit):5.896845001178328
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:rNQ4YiZ6kjpxx981KKjQ9w53HW1fnAgCGCbmScQ:JrZ6kNxx9PKdU9AYAT
                                                                                                                MD5:1A03B412419726F712C0C944D9223EBE
                                                                                                                SHA1:D996B0D84B4FD60A0C88375D20E8FAD796D30946
                                                                                                                SHA-256:232B5CE24F0E7EE6341A59E7BA939B63F6C5918AD847B453234029146C3F60A0
                                                                                                                SHA-512:705D5C732F913C8C2E392592C91128F6FE5706ACF1FDF933042A2C4D40AAC90D3DF0478E9ECE9885E718E3FF5C81E7CB76974070148B4E8D9729F52057C8CF6A
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3755)
                                                                                                                Category:dropped
                                                                                                                Size (bytes):19152
                                                                                                                Entropy (8bit):5.393272662156399
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:2yw5tUebz1qEr5M5Q92rbYQujYSQxrjfTr+RLX8uy3i/yI72yWU8zS1Ap5kxP0Ko:tw5tUebz1qEr5M5Q92fYQKYSQxrrWtMn
                                                                                                                MD5:B079016897676DE86F27C99F428B8808
                                                                                                                SHA1:4A75733DF4F6D833898599100AD6ECA2CDD8AE17
                                                                                                                SHA-256:9ACDD49BF2F04E1E6400905BA43D617A67C1260E8B97B93DB322234767FFC35A
                                                                                                                SHA-512:4CD033711E425FA9ED5AA8C8F8DCB575C865735B3B2B3FE6DF04AA22B84A5C7F249245DFC3E5DBF6265229D71967C8C3F51F692AF30FBC1B83DDB7BB829830FC
                                                                                                                Malicious:false
                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>.<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">. <asmv1:assemblyIdentity name="WildixOutlookAddin.dll" version="1.0.0.0" publicKeyToken="ba03c384a1328835" language="neutral" processorArchitecture="msil" type="win32" />. <description xmlns="urn:schemas-microsoft-com:asm.v1">WildixOutlookAddin</description>. <application />. <entryPoint>. <co.v1:customHostSpecified />. </entryPoint>. <trustInfo>. <security>. <applicationRequestMinimum>. <PermissionSet Unrestricted="true" ID=
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3784)
                                                                                                                Category:dropped
                                                                                                                Size (bytes):5585
                                                                                                                Entropy (8bit):5.810263805047951
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:0WLwO9Zc9vHTPkucpkF8YmORsZalUEgdF8YxzFodo9bBDA:ffFkLPdEA
                                                                                                                MD5:DB9C70488F4DA3E672D17C6C7EEB5ED6
                                                                                                                SHA1:49BA2D0791E5B3523FB076792843A71D4000E15B
                                                                                                                SHA-256:5D457F66530E9A4553D428BD95ACFBFB578884561619F90BE19D171DD253DEFC
                                                                                                                SHA-512:B138ABA72CAF390AAB04DD77F1E660751534878F2E8278E1C92433AC305AC215C30E0FA60522658FCD63D18B821D0B869BB6B369FBF3D4FD3B4C65C09DCC093B
                                                                                                                Malicious:false
                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>.<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">. <assemblyIdentity name="WildixOutlookAddin.vsto" version="1.0.0.0" publicKeyToken="ba03c384a1328835" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />. <description asmv2:publisher="Amazon.com" asmv2:product="WildixOutlookAddin" xmlns="urn:schemas-microsoft-com:asm.v1" />. <deployment install="false" />. <compatibleFrameworks xmlns="urn:schemas-microsoft-com
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):23664
                                                                                                                Entropy (8bit):6.560940967824352
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:NVVKiOteMGnUvLMktlhw75P72brQ2ADir/6raX5w56SofousWu4Kfyg:NVkiO4MzpJwZA82ADib64ysSoQuSH
                                                                                                                MD5:FAEA425A09F6DCC14F03D967946FC6E3
                                                                                                                SHA1:8569910F5F5B369CAD5FA232ED5EE8A3CC38564E
                                                                                                                SHA-256:17DD9AB9E3C5733DF4BE6D2B6F6961F053E1B22C1E44F6B611359412C1B0DB49
                                                                                                                SHA-512:6EF24695606B67E78A02A9C5911D2325A39FB5DDA230F5DA7858EE436A317C5779AD4C01285948EF5A09813E190A3B53AE952DFD52D9D7CD38FBFE832202E4A4
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):586864
                                                                                                                Entropy (8bit):5.063139636129146
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:SIjggFdum2P4yaUXShvjSRbu05zpERTuZKKjQ9w53HW1fV/vDKjQGZ5bHWhUkzGc:KguBQyaUkJdxKdUbKXwjzF
                                                                                                                MD5:0D4C25344365AF560C17E3EB7D649427
                                                                                                                SHA1:3D44C52059AD8ABEBAD9578179BA7E6DED2C55E7
                                                                                                                SHA-256:0672D29C4D7BBC087FE5ED4AAA8E2842E16D3947114DBB64EFA8613E106379F1
                                                                                                                SHA-512:AA91EC560C875914D1F085CF80EBED3A5B2668DFDA5DC3782861C13BAD598C82A0C4A919005053754BC44BE432627ECFE446DAE9D2DD4E00FD861F0333CA8D78
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):146
                                                                                                                Entropy (8bit):4.983767070197417
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:vFWWMNHUz/cIMOodBQV7VKXRAmIRMNHjFHr0lUfEyhTRLe86AEDDQIMOov:TMV0kInV7VQ7VJdfEyFRLehAqDQIm
                                                                                                                MD5:05BD64DBD44CF1C95236670D3842562F
                                                                                                                SHA1:824B16AD66771809D9BB32001875AA3C372C7C9C
                                                                                                                SHA-256:40859DA4B6DE7510504DD13877345D92B4DF66EA09C6C4F4E72C7AE3610974AA
                                                                                                                SHA-512:85FD03363DCDEF8B2A45C74605E0009249ADCA8BEABE06CBB90F6B1B00761C02B6BEB02B8BBD3DDC6965E98CEA820D5023705584D5B7DA5CD2FA3CB9AAF66E9D
                                                                                                                Malicious:false
                                                                                                                Preview:<?xml version="1.0"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1"/></startup></configuration>..
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):5364336
                                                                                                                Entropy (8bit):6.803295159333163
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:98304:EBDD78pFjrWkS2vQHbajE/OvLenj9QG96rDcmdD:+DQnjrWkS24Hbajcfj9c4q
                                                                                                                MD5:206E87E60FE774EC5A94EB99B8B2B070
                                                                                                                SHA1:BD463F6584F263B85B656C58AFBB1D7AF14975DE
                                                                                                                SHA-256:EFFC0165FADBCDC21A9C3C000922CB98A293398486A24E50A70789F257CF9F20
                                                                                                                SHA-512:72E9FC83E77BD9E69AEC91CB836CACEC0C7A20B04A8EB02F7698DF16A3AC095BF972BCBE4F1AA85D17E00C6FA703D87763C328E7D1F717DF4B8F2C1BC21107C1
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):6427248
                                                                                                                Entropy (8bit):6.617744849493833
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:98304:fd+J+bYZD4OdDcJW7+6vABZvzYMflMs0fRu:VsuM46cJWdvAvvPdd+u
                                                                                                                MD5:9EA16A6444682CE6BC5A12433EB47453
                                                                                                                SHA1:893F4F4E1498CB641B85368D7203B2BFE0A5B658
                                                                                                                SHA-256:1ACE7C7705205DD8B5933C0A76827177912AD3201F5448425B11BD897BB92CC2
                                                                                                                SHA-512:C4B0BADCA6B592D07D2DC883B2DB37EED1548A8F69117EE9CA6EB640419FABB12D62F5A59D752001F2090997F69FFE07D8651E0D57B9335CCB520D5C455FD56D
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):3430
                                                                                                                Entropy (8bit):3.577875788113156
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:yei1q97/qlLaq4i77cMUF39Qg9c9V9Lvara+iaiusupRCRf9ufAuRa7T5XhPsV8n:t2ll4i77h4iGdiaipV9ll7dhFF6+
                                                                                                                MD5:9E02EAF2592DE18E8058FD254C89FAD5
                                                                                                                SHA1:EB5FCE36FC938929D27348CA9B0040CFED0FF8B4
                                                                                                                SHA-256:870D3C739BEB158446DEEED2B5C92854C2726A92B3294F0C07C52AE65CD51ED1
                                                                                                                SHA-512:5C82E7D21BA6D828EED7BF9F313C864AB59DE695DF4B62D31DD2CCB838B60E65C7EEAB56606CBBBE8FBB11A4D70ED42D1D10F3EA9834B5203BBD5B6067648226
                                                                                                                Malicious:true
                                                                                                                Preview:<?xml version="1.0" encoding="UTF-16"?> <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"> <RegistrationInfo> <Date>2020-11-04T11:59:46</Date> <Author>Wildix s.r.l.</Author> <URI>\Wildix\WIService update checker</URI> </RegistrationInfo> <Triggers> <CalendarTrigger> <StartBoundary>2020-11-04T01:00:00</StartBoundary> <Enabled>true</Enabled> <RandomDelay>PT5H</RandomDelay> <ScheduleByDay> <DaysInter
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):5319784
                                                                                                                Entropy (8bit):6.624489203238988
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:49152:IDTNbgZbsK5pM9TJFppvgKnkt21tgJEyacq0+W3Ua+zxn1OqH:YJbNFF/gV/17sOA
                                                                                                                MD5:1529A91171C5E94E3053B933E4244417
                                                                                                                SHA1:1E7340E648898F396E39F86A5CC37AD396FD4918
                                                                                                                SHA-256:9CC8F2C258EE3E9A0B15D6F289B27EA96992ADBAB92428A04BAE0A258FAF78BD
                                                                                                                SHA-512:3FB39B3B3620B818FFD28932855E397F3EF5AD151CE396A4A650823F711065F49709013D6DED8268A7A29FFD989C372F4AE3C2CAAA7F5D51124E2A39AF05ACFC
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):23812
                                                                                                                Entropy (8bit):5.102231290969022
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                                MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                                SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                                SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                                SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                                Malicious:false
                                                                                                                Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):14362
                                                                                                                Entropy (8bit):4.18034476253744
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                                MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                                SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                                SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                                SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                                Malicious:false
                                                                                                                Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):59116
                                                                                                                Entropy (8bit):5.051886370413466
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                                MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                                SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                                SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                                SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                                Malicious:false
                                                                                                                Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2278
                                                                                                                Entropy (8bit):4.581866117244519
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                                MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                                SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                                SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                                SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                                Malicious:false
                                                                                                                Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):532080
                                                                                                                Entropy (8bit):6.370246167881384
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:/TIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTz5w:/UJ/Cq2IT/PiP4dapV7LDtw
                                                                                                                MD5:1D574CE34B4086B8440B578497E4BAC6
                                                                                                                SHA1:F7C55619F693CC6465B8B877C2F9E533CB84712C
                                                                                                                SHA-256:BDCADB517FDB16078F999701B3A59CA75687CDE474F9770DF2E86AE41F9E962A
                                                                                                                SHA-512:FB1B70C392A1E292C181C3EB4C072BD56FFFAA6674025FEB86EBDC772C98CC443D8DFC7325C84E19CB41269303D8C583A44841F938F03CC517DD25E68359560F
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:MS Windows 3.1 help, Tue Apr 17 13:11:56 2001, 21225 bytes
                                                                                                                Category:dropped
                                                                                                                Size (bytes):21225
                                                                                                                Entropy (8bit):3.9923245636306675
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:g8qo9MqLEGX9WkaNWvbAsmrEGckkwy95/HLQdu:g8rMqLwkW8AsqEHkkwy7N
                                                                                                                MD5:6798F64959C913673BD66CD4E47F4A65
                                                                                                                SHA1:C50FAA64C8267AC7106401E69DA5C15FC3F2034C
                                                                                                                SHA-256:0C02B226BE4E7397F8C98799E58B0A512515E462CCDAAC04EDC10E3E1091C011
                                                                                                                SHA-512:8D208306B6D0F892A2F16F8070A89D8EDB968589896CB70CF46F43BF4BEFB7C4CA6A278C35FE8A2685CC784505EFB77C32B0AABF80D13BCC0D10A39AE8AFB55A
                                                                                                                Malicious:false
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):919664
                                                                                                                Entropy (8bit):5.991555850090375
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:uH0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+Zo:u7Hdv3DyfhP2QgYPwo3ArVo
                                                                                                                MD5:816DDBD6F052DEBFCE5B7EEAE4E789FD
                                                                                                                SHA1:1DFD070CAE07E271233AF20236831DC58B3BADB6
                                                                                                                SHA-256:727FFB5B2BF5BDFFFBD090FD83911F731BB6776571ED1377F2139899709C51F0
                                                                                                                SHA-512:6A02DA315AD7E886FDC4C43C0F63409A41735FB409F144DAA04422648E45FA9E7A523CF326612412C96D3E03D451F10A2BDFEB2B6BCAD7A6D8DC474281A5978D
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):856688
                                                                                                                Entropy (8bit):5.596774833480957
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:r9aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinL2U:paBEGbL4Np84TQazCSiR2U
                                                                                                                MD5:A64216C3C9E82E1C6D0B5CD8020D3ABD
                                                                                                                SHA1:5FC65E59EEEE9C5F1682E4EDB4C5D9EF69FCED88
                                                                                                                SHA-256:56DA81C0EABE8505A96A41BA69A3DB13F30E247C39B1393CFE65C9578E47A9EC
                                                                                                                SHA-512:079CFACC36CF4EA6E24A61B539C1A2EBC04DAE2AC93FE8EC372FA5E8934C9F93BEBC4C47188E7EC95D306ACB0E8A2C3FA2AC8605A378F30AD8C634B457168B83
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):7996
                                                                                                                Entropy (8bit):5.128824009655858
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                                MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                                SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                                SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                                SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                                Malicious:false
                                                                                                                Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):940144
                                                                                                                Entropy (8bit):6.458898363798956
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:5pcIN4eGbIp0dMAonEWorRdvfd+Xu6VrZUcu2jRwzjeL7i8XVbsT3zpf3ygLuITz:5pv2OrkeL+8U3zpvyOuARXwo1
                                                                                                                MD5:1DED360B71C4C83EB10B0C08B6597C9E
                                                                                                                SHA1:80CC899D7CC2483B01185CD528210A399C76DBDD
                                                                                                                SHA-256:D9B43DF509EE41A62E74241A541723E309FA5A4470E3132E7DD2C54314DF4E2D
                                                                                                                SHA-512:45616968A18B7789F9256CFD7E2023D6644A34B5F29ADF138E058BBDCDC2231FA3DC37DD28796F85AB1D63E60F9E9C8C010AEE162DAC9031B0E605C463966A78
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):306752
                                                                                                                Entropy (8bit):6.141499008290493
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:pgwRUnZJgqtQ4pVbo2Vpm0Uf0iTVeZz7YN5Aq6B0O7G36cPQ6ONU0lOXbu:CzZD0X15Yv8Oq6B0OgPfOy0lKu
                                                                                                                MD5:4F95ADAFA7E0E034EDF87B2BFDC4CDFA
                                                                                                                SHA1:E6422B41682E01BAFC3D36B20F5113F8691D83EA
                                                                                                                SHA-256:45EEC2C2BC825849E9EA8DAC2F2E6EB76353DB498EE74788CDAB82BC7F42625B
                                                                                                                SHA-512:BAB4849A4E5BEC7895CA657C2E642D926DB897987B73E9B615F3C7C35EB58AB0E3E17D7F3EFE4A88382052C0E14F32082804EBC4744724CA4755A9C336500125
                                                                                                                Malicious:false
                                                                                                                Preview:CSR-dfu2..0.....signed stack+app ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................2C.......@...................
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):894220
                                                                                                                Entropy (8bit):6.412259430484631
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:byUN9kmRr6Ps+2GfGshqM6LcX95Efz4F0BOU0H3Y4G3GUrBxK8Xzg02/HxKJT:Dr1E+JMycX95EfzD0fexBxK8jX+wx
                                                                                                                MD5:F80C203D2184BE4E9CDA039C517F1556
                                                                                                                SHA1:2FE1E31B80688B88DEF0CF9AD1193C5D41C2645F
                                                                                                                SHA-256:F40F0499B23D21C2C24DB452A5482DBD36957935F593DD4D60935DE2550B1EEB
                                                                                                                SHA-512:A0F7A12F2A600A7796678E1C279D04A88FFF4118A9B4372719E5A1FB674D5EECA993548EEA79C376AB1D872EB6ECD2D8F87C7898C96E11842190EFDF0FCE0040
                                                                                                                Malicious:false
                                                                                                                Preview:CSR-dfu2........signed stack+app ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................2G...N.......................
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):72304
                                                                                                                Entropy (8bit):5.55290876998526
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:Pm17Ztk6tdWavOgwfMwob8tOb6K1L7S1Un:PK7HkQvOgwfT9Sb1fS2n
                                                                                                                MD5:1340C9F8BF2A24074FF43CB663983AC4
                                                                                                                SHA1:3BCF98D2D6FDA3A5BA47BF37F8B462E5683E0BD2
                                                                                                                SHA-256:ED2448275402FD4F4F945B121B386168F0F40DDC09B33CEA0D2C42ABB1C78AE4
                                                                                                                SHA-512:A0022237AA0211659609CF0F2188530C141ED5B7AF994A3A27CACAB6DE71D3D81863DF3E6AEB8661E5A593403439668DF9EAFDB7F0814364960ACC0FF135ECE9
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):24688
                                                                                                                Entropy (8bit):6.923218305340772
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:CjEds+4wmIm0eAk582ADib6MIysSoQuSE:RdifnX8tOb6MI1L7SE
                                                                                                                MD5:50F7B26074413150020CBBC07323B58D
                                                                                                                SHA1:35AD00A36CF8DBC90E6E38931E6EA14C02BF1440
                                                                                                                SHA-256:683D0127506E21F29F8F3CB51ED6955B39832D19BFADFC0E845AFD58C5738799
                                                                                                                SHA-512:659A23E20AAA062D176AC982A50CFE46B247C13F0F8B05C8F41B8DB0F7637A4102AF79DC4DCEFA0B7890E1DA4DD87E63510634464FDAB4EFF0538AFDEE9845AE
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):490096
                                                                                                                Entropy (8bit):6.084433322393528
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:N6KTZsHDwx0TCAQpFTfnPyFVrCqq/KrnahQ+Nnq0B/aNOjMQpynpPQ:rsHDG0TM6sKGhQ2nq0iQUY
                                                                                                                MD5:A7AF473BDC6493C11CE071B11E324E5A
                                                                                                                SHA1:2788D07F0D5CB3C56E845905A5669603F37159A6
                                                                                                                SHA-256:566DC91237523877C6D5ACA8B5B5E7145937982A5409C78F148E18390DDDE069
                                                                                                                SHA-512:18293FD7C26E00490AACBF0DEBC8A1E05C6734E0546A8F12C3EE8067D232CEAC77DF269237736A956741B4D350852EF33F909600C77B4FE8392F802AB8974840
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):559728
                                                                                                                Entropy (8bit):6.452474379327697
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:XZY4lOHMwLwXBt+iaKst/Ua/hUgiW6QR7t5j3Ooc8NHkC2eWzp:XZY4lOHMM8wifstjj3Ooc8NHkC2eep
                                                                                                                MD5:E353CFB37F8EBCAA044FEF89AD1B59F3
                                                                                                                SHA1:F751BB2E7ED3DF10EADC73A780798C94D2EC10D8
                                                                                                                SHA-256:81EEFF257350C01742D16971501A54755A97DD441FF91E912958F068C1763448
                                                                                                                SHA-512:6D6CFE50E3DC87D45F25000FC992ACD3CF564A5CC928FFA3BEB99E799F528618174DE042EDCB31A73AA736CE69159A690B8D532CA1134D11134AA85F06293FE5
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):637552
                                                                                                                Entropy (8bit):6.8685472952194955
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:fxzh9hH5RVKTp0G+vphr46CIFt0yZmGyYG/q:fph9hHzVKOpRFHmGyY2q
                                                                                                                MD5:D0DE1837CAAEDD6D0EB2E7DFE3A16601
                                                                                                                SHA1:FF8729A83E98CA5DFC09C8BE65FCE9C45DB536A2
                                                                                                                SHA-256:B6C7F4CB86FFA0CB076C55D659F390DF2F62A6D3FA5A896281A43E6109F77DEB
                                                                                                                SHA-512:44C02013F4D5569F35E89C783BCC2B14C3F79FE61011656FE15B57846E99343F404C3057A006D45B83678DCFBAE269E9555D6A946A355CC47D24E5AD00F33AB3
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):701552
                                                                                                                Entropy (8bit):6.836069284857721
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:th1wtmDyLuDTFn3nLjTwDFbT82hs8mVY/P3WaNi6nS4zAEgMWPznF9SHaneX:n1wtmDyLghn3nLjYFbIv8d/fs6S4zA/u
                                                                                                                MD5:E14902AD1CF232867326AF9C91830B51
                                                                                                                SHA1:772FF493E1DD52B4B9399841E7DF7FCADFDD2A26
                                                                                                                SHA-256:DA7C567F81C6E5206858B9C3AD844950CE804CD42FD26823A862D6C8D413A558
                                                                                                                SHA-512:0DBB5438D6B448283ED379793DB205FC2E481144BC5BE6D91A54B1F9912E5C813341ED1AB53DDDD6715A64085A3FFA9BF97A07CADBE64E7228F142CE8182C0E6
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Tue Dec 31 14:42:44 2024, mtime=Mon Jan 13 15:03:46 2025, atime=Tue Dec 31 14:42:44 2024, length=16788080, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):928
                                                                                                                Entropy (8bit):4.610850971697315
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:8xGm2C0YX/i1h9SGibdpF44YIjHoEw4r/Kp/jAw3lPDRbbdpo82XhoqiqmV:8xGZ8bdDPuA+BdWhoTqm
                                                                                                                MD5:C870615BDD6804DF5D16C88766340A4B
                                                                                                                SHA1:5D9D4A62434E6A6577653825E580BC7FBC9B3E58
                                                                                                                SHA-256:448FC4092DF8DB2486A2B00C3C73E71FD89F7C91A2ADEC4F796CC434462D2626
                                                                                                                SHA-512:689749480ECDE07433A1538B2D5A9D2FC672A7271727006D7D379F8C8E5B0CFB4680D87D924677D9C93559B174355EAA8443113C2DD392B8FE1E3412D266F161
                                                                                                                Malicious:false
                                                                                                                Preview:L..................F.... ........[..)?...e.......[..p*...........................P.O. .:i.....+00.../C:\.....................1.....-Zi...PROGRA~1..t......O.I-Zi.....B...............J.......R.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....-Zi...Wildix..>......-Zi.-Zi.............................R.W.i.l.d.i.x.....\.1.....-Zu...WISERV~1..D......-Zi.-Zu............................j,.W.I.S.e.r.v.i.c.e.....h.2.p*...YV} .WISERV~1.EXE..L......YV}-Zl...............................w.i.s.e.r.v.i.c.e...e.x.e.......^...............-.......].............X.....C:\Program Files\Wildix\WIService\wiservice.exe......\.w.i.s.e.r.v.i.c.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e...-.-.p.r.o.x.y.e.x.`.......X.......374653...........hT..CrF.f4... ..?......-...-$..hT..CrF.f4... ..?......-...-$.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039004, page size 1024, file counter 3247, database pages 22038, cookie 0x1c6, schema 4, UTF-8, version-valid-for 3247
                                                                                                                Category:dropped
                                                                                                                Size (bytes):22566912
                                                                                                                Entropy (8bit):6.156856755685782
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:49152:LweRjXxSuAId92j0CeSg0np8atm8SsANGC1KuD1+U68rNMgT9A4VMD5uuTopBtlw:DyhI8GUp8atPOG6VhvcgIHRH
                                                                                                                MD5:3241A121BCF26F5E8B36663E3056B2CA
                                                                                                                SHA1:FAF689142817E79961EE45D61D40EF0204488D89
                                                                                                                SHA-256:DE37FC1A3B827F05BFF563D523CBA8007272462C24C9C1939F9B1FD13F789088
                                                                                                                SHA-512:03530AE86E5342FF84494BEF17EEDE041D918A0193357711076649493B9020A5729CCF0737BD226B8A32ED7D88E342316050DEE9C8CD13A3AE281C2B7FE2C562
                                                                                                                Malicious:false
                                                                                                                Preview:SQLite format 3......@ ......V..................................................................._...........V.............................................................................................................................................>.......StableFILTERSFILTERS.CREATE TABLE FILTERS (...ID BIGINT NOT NULL,...NAME VARCHAR(128) NOT NULL,...DESCRIPTION CLOB(2147483647),...STATE CLOB(2147483647) NOT NULL,...PRIMARY KEY (ID)..)-...A...indexsqlite_autoindex_FILTERS_1FILTERS.........w...##..5tableEVENTS_TAGSEVENTS_TAGS.CREATE TABLE EVENTS_TAGS (...EVENT_ID INTEGER NOT NULL,...TAG_ID INTEGER NOT NULL..).n...%%...tableEVENTS_STATSEVENTS_STATS.CREATE TABLE EVENTS_STATS (...ID INTEGER NOT NULL,...DAY INTEGER NOT NULL,...DATE DATE NOT NULL,...MIN_ID INTEGER NOT NULL,...MAX_ID INTEGER NOT NULL,...COMPLETE TINYINT NOT NULL,...PRIMARY KEY (ID)..). ........tableCLASSESCLASSES.CREATE TABLE CLASSES (...ID INTEGER NOT NULL,...NAME VARCHAR(255) NOT NULL,...NAME_LOWER VARCHAR(2...86...+,.
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):261232
                                                                                                                Entropy (8bit):5.839129701085833
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:8LixO6zz8t4OXDegbQy058MP2pZrCmrrDse0ecdfF7b2gqEiyDvSmqtNlVusC51E:Dn8nDenoRXoJF3bqEiyzZ5m1FsgUNu1
                                                                                                                MD5:B43803E3279FAB53E4393FBBF40B1949
                                                                                                                SHA1:ACA0E59D227808534303708354D2FD4AA2B356DB
                                                                                                                SHA-256:2B2E4F436377B7770071FD387ABE01B9D7088214E43718C9827D82E4BEA31BE6
                                                                                                                SHA-512:ECFBB03CAC1203927A6E21267C8198A62B359CCCF2A3E0EF4D9AA3C0B0A075F43D0E6B7FFFE2E225A170ABBA122BC62FF38A8682E64886CEDDF6B0236CE325A8
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:MS Windows icon resource - 13 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
                                                                                                                Category:dropped
                                                                                                                Size (bytes):175221
                                                                                                                Entropy (8bit):3.6057445859805903
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:Fpznextut/yGjfT8nUa/XIHlbeA5yN6zHW156G6:vzeytxjQ9XA53HW15x6
                                                                                                                MD5:CE4C0FAC424ECDAFD490544CF10593B6
                                                                                                                SHA1:96B32682A928D5A9229B93586478A31E08B423F4
                                                                                                                SHA-256:A9BAE457E58D8BAB5FB10A3A6AE67D4453CECCECBE81C5AD066E86AAFD11A45A
                                                                                                                SHA-512:0F1BBF2C115CB9128594647FB9138B876E896B01CC86237EB00A695E38671955D718C4F9A712B4C0DD6CD40C99ABBC00B0442E5B192562B622EB3B9A660B228F
                                                                                                                Malicious:false
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:MS Windows icon resource - 13 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                                                                                Category:dropped
                                                                                                                Size (bytes):99667
                                                                                                                Entropy (8bit):6.776502745804188
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:RcfWrQG1GFkTvQnKKjRCFpgqmKN5+x3pJY:ufct1GF9n6FKqmrx3pi
                                                                                                                MD5:8F898251C85EE83FE4CEF753AD127FEE
                                                                                                                SHA1:965419910C1929CF695C530456950616B85596C5
                                                                                                                SHA-256:31DEE18EA1C5E7723DB0C13C630517963E79930474B275322A0CDE686C5953B5
                                                                                                                SHA-512:4397158E3EBA45B7CD27E931F353D72042B154416036874824CC1469FA9D533C4E67B7ED81A0A9EDB480F667A9716AE999D54B3F36EA1375344BB0E944AC8102
                                                                                                                Malicious:false
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):16788080
                                                                                                                Entropy (8bit):6.685932138686767
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:196608:cuNY9QWMli9PtASPB28MjMwKQLiUrqu3he/a86CDkG:cuCWi9PtxBzQLNR0a8/DkG
                                                                                                                MD5:D62710F3678538E483FFC7EA112D7F68
                                                                                                                SHA1:54212AF34D394BEF6620C2D2CBB874660EBBE523
                                                                                                                SHA-256:0F4903937AD02B65A212319365DE974F7B6529201343271B2E4CEC76A03522EB
                                                                                                                SHA-512:81CE8E21FB80EDD29CDCF890FF694D3D4FB5242B18EB7DDD882AC46978B259D27F636914A0F059556FBE9D8EA7A3103EDF1C6AC6300F81C2891EFBE90B3F6F43
                                                                                                                Malicious:true
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                                Category:dropped
                                                                                                                Size (bytes):207760
                                                                                                                Entropy (8bit):6.4085333829790425
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:4xJ/R9PV9qWAEWgX+RyhJs1DC0/R2eGHSWCICTDCqK79yUiG7F3kzudR1aw9M0TU:4n/R999qWAEWgX+RyhJsVC0/R2eGHSWU
                                                                                                                MD5:F214B5E008F3D23F4F01951247BAE991
                                                                                                                SHA1:DB7928B37992CD0635AB5FC1E89547C6BE813B55
                                                                                                                SHA-256:CED79B247B0C8DE449312B7CF5690E8E9DA968F22CC722DA70124BDF2A84C427
                                                                                                                SHA-512:FA5211DF2922ABC3C5091E2098DF5FAD9681E2CDC8A3287AEC49F8694B11B776A2001DED052995A34E5EF52B55A207E6069393DD9BAAEFB82CEFC98824BC7774
                                                                                                                Malicious:false
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Dec 31 14:43:18 2024, mtime=Mon Jan 13 15:03:41 2025, atime=Tue Dec 31 14:43:18 2024, length=162168, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1955
                                                                                                                Entropy (8bit):3.4105393047412074
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:8dk8bdDvGm6Y94SEyARhdahidVdahBufdahchBm:8rdzGmJ9nERRhdahidVdahB2dahK
                                                                                                                MD5:EA77FAE2B036D578979D429AE8F28FA2
                                                                                                                SHA1:EC410D409FCF7AB3B2143C922A3E3425C62F9900
                                                                                                                SHA-256:C8F1943E7BA769CD122E6CA77DF3C2614AE5FCB15C38C5464126D95088C11CDB
                                                                                                                SHA-512:2582DC7C05CA3014873FD8FBC94A3B995AB0E7C8AC445C3C35B68AAA3D558C5AD09EA7853C295E79AEDA1E9BBD1C80D7D926F87CA4547C43B8BE309CFECFCDD5
                                                                                                                Malicious:false
                                                                                                                Preview:L..................F.@.. .....Y..[..I....e....Y..[..xy...........................P.O. .:i.....+00.../C:\.....................1.....-Zi...PROGRA~1..t......O.I-Zi.....B...............J.......R.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....-Zi...Wildix..>......-Zi.-Zi.............................R.W.i.l.d.i.x.....\.1.....-Zu...WISERV~1..D......-Zi.-Zu............................j,.W.I.S.e.r.v.i.c.e.....z.2.xy...Yi} .UNINST~1.EXE..^......Yi}-Zu...............................U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e.......g...............-.......f.............X.....C:\Program Files\Wildix\WIService\UninstallWIService.exe..J.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.8.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e...
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2393
                                                                                                                Entropy (8bit):5.188727917182659
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:3HBBR+viKR+gjHR+GRlz3GdzlUGQ+Gr8GCXNlAc+o8Sj+QGw3J5ePfwxTDmtNP2U:U0coe2dxKrLCXcoz37ePIkP2L8DP+J8R
                                                                                                                MD5:DA7082320BF9215BC154CCCCB27CFE11
                                                                                                                SHA1:3AB5FA5FBB54C5EA461F632BB51080738B94CBC4
                                                                                                                SHA-256:EBBD8EFA56ED55381A1FB5FFF40103E6E38B3DD74D9DAD988A9570D0DA0257E0
                                                                                                                SHA-512:3A252DE9A552FF8B83C3301B123308567C669EE62C09792D2612CA6CEF503A05A0803C149F3CEC042F021D6A8A2894DBFD7677433D7C1500D4FAA5F0C3FA9868
                                                                                                                Malicious:false
                                                                                                                Preview:13/01/2025 11:03:47.073363|00001|info |DispatcherServiceImpl.cpp:27 (main) ------------..13/01/2025 11:03:47.073363|00001|info |DispatcherServiceImpl.cpp:28 (main) WIService Dispatcher 3.19.1.1 (Dec 31 2024 15:38:51)..13/01/2025 11:03:47.073363|00001|info |UtilsInternal.cpp:37 (main) OS: Windows 10 Pro 10.0.19045 64bit..13/01/2025 11:03:47.073363|00001|info |UtilsInternal.cpp:38 (main) total memory: 8191 MiB..13/01/2025 11:03:47.073363|00001|info |UtilsInternal.cpp:39 (main) number of cpu threads: 4..13/01/2025 11:03:47.073363|00001|info |UtilsInternal.cpp:40 (main) cpu 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz x64..13/01/2025 11:03:47.073363|00001|info |DispatcherServiceImpl.cpp:30 (main) base dir: C:\Program Files\Wildix\WIService..13/01/2025 11:03:47.088992|00001|info |DispatcherServiceImpl.cpp:31 (main) writable dir: C:\ProgramData\Wildix\WIService..13/01/2025 11:03:47.088992|00001|info |DispatcherServiceImpl.cpp:32
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:JSON data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):56
                                                                                                                Entropy (8bit):4.355851127144314
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                                                                MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                                                                SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                                                                SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                                                                SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                                                                Malicious:false
                                                                                                                Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:JSON data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):56
                                                                                                                Entropy (8bit):4.355851127144314
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                                                                MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                                                                SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                                                                SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                                                                SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                                                                Malicious:false
                                                                                                                Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:ASCII text, with very long lines (319), with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1834
                                                                                                                Entropy (8bit):5.307501365110871
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:KGHA75pbLTjGWCXhH8+vTmX9ogg+qTQYHoggy:KGHA75pnTjRiJ8SqonRcaony
                                                                                                                MD5:E66332EB9677F30DF82D130DCE33ADF8
                                                                                                                SHA1:74AFB5A3F4A1C236C07A2E1EB6F41D468055CC74
                                                                                                                SHA-256:668FB4C63855C12C6693D1561896EAE1E0083BBCBC26450F4DFD2B2B34334FFB
                                                                                                                SHA-512:E1A5B9B835D082FE395E92719E071CAD26E275677DFA5539010FF9ABF98988819BE71C9125C33B5030A3EA577744BAAB78E77AF8F2194FE27A2F459AE97B14DC
                                                                                                                Malicious:false
                                                                                                                Preview:13/01/2025 11:03:46.475500|00001|info |WinHostServiceImpl.hpp:26 (host_svc) ------------..13/01/2025 11:03:46.475500|00001|info |WinHostServiceImpl.hpp:27 (host_svc) WIService Svc 3.19.1.1..13/01/2025 11:03:46.475500|00001|info |WinHostServiceImpl.hpp:28 (host_svc) debugger is not attached..13/01/2025 11:03:46.475500|00001|info |WinHostServiceImpl.hpp:29 (host_svc) starting windows service host..13/01/2025 11:03:46.475500|00002|info |WinHostServiceImpl.hpp:57 (svc_main) starting service..13/01/2025 11:03:46.475500|00002|info |WinServiceImpl.cpp:16 (svc_main) killing all non userspace wiservices..13/01/2025 11:03:46.600511|00002|warn |WinServiceImpl.cpp:31 (svc_main) !WARNING! detected 1 system wiservices..13/01/2025 11:03:46.616134|00002|info |WinServiceImpl.cpp:33 (svc_main) killing wiservice 6032..13/01/2025 11:03:46.616134|00002|info |WinServiceImpl.cpp:110 (svc_main) service has been started..13/01/2025 1
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):630
                                                                                                                Entropy (8bit):4.889699934265082
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:yQX7yt0GuQX7BuNxUSUyBuNxk2XpBuNxLxy:NG0yH9B
                                                                                                                MD5:FE419C734B2D370844AC38D21E47B986
                                                                                                                SHA1:CC9ECC3A719B1A622259CCC6F7D6F258706E2D41
                                                                                                                SHA-256:437A880E0656B60E49331AFB4003585C9980F1CCAD21B36C38D71332D056A6E4
                                                                                                                SHA-512:60D6FE1083B4ECB1233C7486587D72A9F485F07F9A48769C85FA810F17157D85C9AA1E98CA48AD3F1E20749A69C7999E0FE785EE729096307CE855F457AF1F6B
                                                                                                                Malicious:false
                                                                                                                Preview:13/01/2025 11:03:43.134736|00001|info |Updater.cpp:32 (Updater) Starting updater... Update dir: C:\Program Files\Wildix\updates..13/01/2025 11:03:43.134736|00001|info |Updater.cpp:116 (Updater) Checking update data https://files.wildix.com/integrations/integrations.json..13/01/2025 11:03:44.384725|00001|info |Updater.cpp:116 (Updater) Checking update data https://files.wildix.com/integrations/applications.json..13/01/2025 11:03:45.962841|00001|info |Updater.cpp:116 (Updater) Checking update data https://files.wildix.com/integrations/x-beesNativeApp.json..
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1990
                                                                                                                Entropy (8bit):5.142132288203181
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:O1b1pwccKO1C90zzd7torQ1svhyF8cybpcyIn1W:QJpwccNDJtbs0Fo9+W
                                                                                                                MD5:BEA041D42964F513A63ED0059496E672
                                                                                                                SHA1:9138E44C95D692BA3B4501589C8C60F224B58275
                                                                                                                SHA-256:05749B0DE2A14C44EB4809606D80A06C090F63F242E68C63F1FC15E66D5C4FB0
                                                                                                                SHA-512:C68B682B4C1FE8F453E8E2D1CAB64A9D65516577102A9689BCA7D2B1C0DEA8AD2953CC639D2BB5C185C0CA4F7D61A36838D93F83E522BAFFB0AF4DA99D091EC4
                                                                                                                Malicious:false
                                                                                                                Preview:13/01/2025 11:03:47.095778|00001|info |WatchdogServiceImpl.cpp:36 (main) ------------..13/01/2025 11:03:47.095778|00001|info |WatchdogServiceImpl.cpp:37 (main) WIService Watchdog 3.19.1.1 (Dec 31 2024 15:38:51)..13/01/2025 11:03:47.095778|00001|info |UtilsInternal.cpp:37 (main) OS: Windows 10 Pro 10.0.19045 64bit..13/01/2025 11:03:47.095778|00001|info |UtilsInternal.cpp:38 (main) total memory: 8191 MiB..13/01/2025 11:03:47.095778|00001|info |UtilsInternal.cpp:39 (main) number of cpu threads: 4..13/01/2025 11:03:47.095778|00001|info |UtilsInternal.cpp:40 (main) cpu 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz x64..13/01/2025 11:03:47.095778|00001|info |WatchdogServiceImpl.cpp:39 (main) base dir: C:\Program Files\Wildix\WIService..13/01/2025 11:03:47.095778|00001|info |WatchdogServiceImpl.cpp:40 (main) writable dir: C:\ProgramData\Wildix\WIService..13/01/2025 11:03:47.095778|00001|info |WatchdogServiceImpl.cpp:41
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:JSON data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):56
                                                                                                                Entropy (8bit):4.355851127144314
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                                                                MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                                                                SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                                                                SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                                                                SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                                                                Malicious:false
                                                                                                                Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:JSON data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):56
                                                                                                                Entropy (8bit):4.355851127144314
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                                                                MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                                                                SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                                                                SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                                                                SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                                                                Malicious:false
                                                                                                                Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):42
                                                                                                                Entropy (8bit):4.0050635535766075
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                                                                MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                                                                SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                                                                SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                                                                SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                                                                Malicious:false
                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):12288
                                                                                                                Entropy (8bit):5.814115788739565
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                                                MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PC bitmap, Windows 3.x format, 165 x 57 x 24, image size 28272, resolution 2835 x 2835 px/m, cbSize 28326, bits offset 54
                                                                                                                Category:dropped
                                                                                                                Size (bytes):28326
                                                                                                                Entropy (8bit):2.5710862958427496
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:R5ZzmIhanXqiRFlbiRoXt7m4ju119MiieiK35JW0U1JIhuauz3A:R5Zz5QX1FtiRytSEu9Miiq5JW9IhuBQ
                                                                                                                MD5:EE5DCD5040C0616D92FA8E7A3344D455
                                                                                                                SHA1:D2A13B9E9965C99E9637FFE0CFDC54A791B0944D
                                                                                                                SHA-256:DAA94974E168B4D92C281BA0B774390C9E052833926E22929CD5A4569A0ECB97
                                                                                                                SHA-512:23CB22368B444E00EE5EAC5D86427801312550A1ACDF5652756A88205A32E862D9D636877323AA6503DA660107305036AFE7E7C79B9586160362E50AD138DB68
                                                                                                                Malicious:false
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                                                                                                                Category:dropped
                                                                                                                Size (bytes):26494
                                                                                                                Entropy (8bit):1.9568109962493656
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
                                                                                                                MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                                                                SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                                                                SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                                                                SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                                                                Malicious:false
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):9728
                                                                                                                Entropy (8bit):5.158136237602734
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
                                                                                                                MD5:6C3F8C94D0727894D706940A8A980543
                                                                                                                SHA1:0D1BCAD901BE377F38D579AAFC0C41C0EF8DCEFD
                                                                                                                SHA-256:56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2
                                                                                                                SHA-512:2094F0E4BB7C806A5FF27F83A1D572A5512D979EEFDA3345BAFF27D2C89E828F68466D08C3CA250DA11B01FC0407A21743037C25E94FBE688566DD7DEAEBD355
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):7168
                                                                                                                Entropy (8bit):5.298362543684714
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW
                                                                                                                MD5:675C4948E1EFC929EDCABFE67148EDDD
                                                                                                                SHA1:F5BDD2C4329ED2732ECFE3423C3CC482606EB28E
                                                                                                                SHA-256:1076CA39C449ED1A968021B76EF31F22A5692DFAFEEA29460E8D970A63C59906
                                                                                                                SHA-512:61737021F86F54279D0A4E35DB0D0808E9A55D89784A31D597F2E4B65B7BBEEC99AA6C79D65258259130EEDA2E5B2820F4F1247777A3010F2DC53E30C612A683
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):38
                                                                                                                Entropy (8bit):3.8924071185928772
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:z0Nc4Ac+q:wNcLc+q
                                                                                                                MD5:79BC2DAD2D6C0232998EF454D71C4DBD
                                                                                                                SHA1:6A026317AC5B65340BA4F744E7DE9631EA25D504
                                                                                                                SHA-256:19C594461EC7DE3526592D1666788F41B5286995BD1BCAE55D05E84714531E1A
                                                                                                                SHA-512:E8BDEF565DB12684DEAC6E98875419056A7BA790228720D87338913C2D871187493AAAC1F8267CC91EE43102419EB8A7792D256C2E89703707C4F0AC89248B78
                                                                                                                Malicious:false
                                                                                                                Preview:websocket:8888;lotus:9901;oiwss:8888..
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:ASCII text, with very long lines (451), with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):10109
                                                                                                                Entropy (8bit):5.418690833848219
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:S1u5tjbhU4b5Z6asN23phUQQb0Fb2zItb3uzV2uoObOEb3ObSbJBIMp:S8vjbhU4dZ6gQQFHtAVmOaEib4EMp
                                                                                                                MD5:62D434A5FDE2015C5417C27B6EC31062
                                                                                                                SHA1:39108C05D5633331EC27BA56F62AED2322CCD843
                                                                                                                SHA-256:81D4A5D842333F008E55CBFE8A5748B4E9C8946D2C86EDA56D8512F378FD7AFB
                                                                                                                SHA-512:DDA5C81ED9841B06C3C5F2BD8684D4015BA739C8569DB1E8E5E37E3AB85DA49BB5F34036E49C27E08CB9E1249D4FED039C387D7249B7C521C63C74C01EC7F7F1
                                                                                                                Malicious:false
                                                                                                                Preview:13/01/2025 11:03:51.014559|00001|info |WebSocketServiceImpl.cpp:43 (main) ------------..13/01/2025 11:03:51.014559|00001|info |WebSocketServiceImpl.cpp:44 (main) WIService 3.19.1.1 (Dec 31 2024 15:38:52)..13/01/2025 11:03:51.014559|00001|info |UtilsInternal.cpp:37 (main) OS: Windows 10 Pro 10.0.19045 64bit..13/01/2025 11:03:51.014559|00001|info |UtilsInternal.cpp:38 (main) total memory: 8191 MiB..13/01/2025 11:03:51.014559|00001|info |UtilsInternal.cpp:39 (main) number of cpu threads: 4..13/01/2025 11:03:51.014559|00001|info |UtilsInternal.cpp:40 (main) cpu 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz x64..13/01/2025 11:03:51.014559|00001|info |UtilsInternal.cpp:45 (main) websocket info: WebSocket++/0.8.2..13/01/2025 11:03:51.014559|00001|info |UtilsInternal.cpp:46 (main) ssl info: OpenSSL 1.1.1u 30 May 2023..13/01/2025 11:03:51.014559|00001|info |WebSocketServiceImpl.cpp:47 (main) base dir: C:\Progra
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:JSON data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):796
                                                                                                                Entropy (8bit):4.668985662434861
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:JMZWmv5jOu/l1Kah1QDQvQXi/U+1q8hOK8:2sm9OQPzsgQy/RJ8
                                                                                                                MD5:A6CCB40811045DAE08B24BF0D19FF90B
                                                                                                                SHA1:65B888BE9974D55BA91281F6D2FCB2FA7F637034
                                                                                                                SHA-256:2E17E8B04D4007DEAC2AED74F7911754660CC0EBB48AEAEC8AF75E58070D4F51
                                                                                                                SHA-512:4805C05619CD787672184D55ECC8710D46FE1B3426BDE7815258A7F27897F9F4582133C50E1A5D740AE1CBD8188D37872E364220E89AEBC8794D5FE2035AE1B1
                                                                                                                Malicious:false
                                                                                                                Preview:{. "activityDetection": {. "enable": false,. "interval": 0. },. "activity_detection_force_disable": false,. "authorizedApps": {. "outlook_presence": {. "host": "localhost",. "lastConnect": 1736788692,. "link": "https://localhost/outlook_presence",. "port": 0,. "secure": true,. "version": "3.19.1". },. "outlook_sync": {. "lastConnect": 1736788690,. "version": "". }. },. "connection_issue": "none",. "ext": "",. "feedbackEmail": "",. "garbage_lifespan_days": 14,. "headset": {},. "hotkeys": {. "actions": {. "call": "F11". },. "requirements": {}. },. "http_max_threads": 4,. "log_level": "info",. "log_max_kb": 10240,. "log_str": "6ae60af2-d074-481c-9959-3bd22cdd3abb",. "pbx": "",. "setIconTryCount": 0.}
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:JSON data
                                                                                                                Category:modified
                                                                                                                Size (bytes):796
                                                                                                                Entropy (8bit):4.668985662434861
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:JMZWmv5jOu/l1Kah1QDQvQXi/U+1q8hOK8:2sm9OQPzsgQy/RJ8
                                                                                                                MD5:A6CCB40811045DAE08B24BF0D19FF90B
                                                                                                                SHA1:65B888BE9974D55BA91281F6D2FCB2FA7F637034
                                                                                                                SHA-256:2E17E8B04D4007DEAC2AED74F7911754660CC0EBB48AEAEC8AF75E58070D4F51
                                                                                                                SHA-512:4805C05619CD787672184D55ECC8710D46FE1B3426BDE7815258A7F27897F9F4582133C50E1A5D740AE1CBD8188D37872E364220E89AEBC8794D5FE2035AE1B1
                                                                                                                Malicious:false
                                                                                                                Preview:{. "activityDetection": {. "enable": false,. "interval": 0. },. "activity_detection_force_disable": false,. "authorizedApps": {. "outlook_presence": {. "host": "localhost",. "lastConnect": 1736788692,. "link": "https://localhost/outlook_presence",. "port": 0,. "secure": true,. "version": "3.19.1". },. "outlook_sync": {. "lastConnect": 1736788690,. "version": "". }. },. "connection_issue": "none",. "ext": "",. "feedbackEmail": "",. "garbage_lifespan_days": 14,. "headset": {},. "hotkeys": {. "actions": {. "call": "F11". },. "requirements": {}. },. "http_max_threads": 4,. "log_level": "info",. "log_max_kb": 10240,. "log_str": "6ae60af2-d074-481c-9959-3bd22cdd3abb",. "pbx": "",. "setIconTryCount": 0.}
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):857
                                                                                                                Entropy (8bit):4.712765723284222
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTto:vDZhyoZWM9rU5fFcr
                                                                                                                MD5:9AC77B45979A66F73EDB70B72908A616
                                                                                                                SHA1:8B22CFA695F10D31B8300C06790B728A4E209324
                                                                                                                SHA-256:A7777E702D4BEAD5529BFC2D026BFA2088BB64A5504DAFB57EF308CE92469E20
                                                                                                                SHA-512:C01644C1C13F7126ED455D76A63CD3CEEB314D74265256B07AC7120F6DA512B1B632D4F21167B9E8C7AD106F75D1F20809A7B129BE6871441F8F3FF6A390CFFF
                                                                                                                Malicious:true
                                                                                                                Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost...127.0.0.1..wildixintegration.eu.
                                                                                                                Process:C:\Windows\System32\spoolsv.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):7996
                                                                                                                Entropy (8bit):5.128824009655858
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                                MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                                SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                                SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                                SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                                Malicious:false
                                                                                                                Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                                Process:C:\Windows\System32\spoolsv.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):23812
                                                                                                                Entropy (8bit):5.102231290969022
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                                MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                                SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                                SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                                SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                                Malicious:false
                                                                                                                Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                                Process:C:\Windows\System32\spoolsv.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):14362
                                                                                                                Entropy (8bit):4.18034476253744
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                                MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                                SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                                SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                                SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                                Malicious:false
                                                                                                                Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                                Process:C:\Windows\System32\spoolsv.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):59116
                                                                                                                Entropy (8bit):5.051886370413466
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                                MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                                SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                                SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                                SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                                Malicious:false
                                                                                                                Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                                Process:C:\Windows\System32\spoolsv.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2278
                                                                                                                Entropy (8bit):4.581866117244519
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                                MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                                SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                                SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                                SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                                Malicious:false
                                                                                                                Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                                Process:C:\Windows\System32\spoolsv.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):532080
                                                                                                                Entropy (8bit):6.370246167881384
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:/TIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTz5w:/UJ/Cq2IT/PiP4dapV7LDtw
                                                                                                                MD5:1D574CE34B4086B8440B578497E4BAC6
                                                                                                                SHA1:F7C55619F693CC6465B8B877C2F9E533CB84712C
                                                                                                                SHA-256:BDCADB517FDB16078F999701B3A59CA75687CDE474F9770DF2E86AE41F9E962A
                                                                                                                SHA-512:FB1B70C392A1E292C181C3EB4C072BD56FFFAA6674025FEB86EBDC772C98CC443D8DFC7325C84E19CB41269303D8C583A44841F938F03CC517DD25E68359560F
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Windows\System32\spoolsv.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):919664
                                                                                                                Entropy (8bit):5.991555850090375
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:uH0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+Zo:u7Hdv3DyfhP2QgYPwo3ArVo
                                                                                                                MD5:816DDBD6F052DEBFCE5B7EEAE4E789FD
                                                                                                                SHA1:1DFD070CAE07E271233AF20236831DC58B3BADB6
                                                                                                                SHA-256:727FFB5B2BF5BDFFFBD090FD83911F731BB6776571ED1377F2139899709C51F0
                                                                                                                SHA-512:6A02DA315AD7E886FDC4C43C0F63409A41735FB409F144DAA04422648E45FA9E7A523CF326612412C96D3E03D451F10A2BDFEB2B6BCAD7A6D8DC474281A5978D
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Windows\System32\spoolsv.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):856688
                                                                                                                Entropy (8bit):5.596774833480957
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:r9aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinL2U:paBEGbL4Np84TQazCSiR2U
                                                                                                                MD5:A64216C3C9E82E1C6D0B5CD8020D3ABD
                                                                                                                SHA1:5FC65E59EEEE9C5F1682E4EDB4C5D9EF69FCED88
                                                                                                                SHA-256:56DA81C0EABE8505A96A41BA69A3DB13F30E247C39B1393CFE65C9578E47A9EC
                                                                                                                SHA-512:079CFACC36CF4EA6E24A61B539C1A2EBC04DAE2AC93FE8EC372FA5E8934C9F93BEBC4C47188E7EC95D306ACB0E8A2C3FA2AC8605A378F30AD8C634B457168B83
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Windows\System32\spoolsv.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):19336
                                                                                                                Entropy (8bit):4.312180794862161
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:7mXKNT6+Y9QeSU83XGtzdHeQhlJqecM+Pu7HnjtoX2PSuNip:T6+LU832tzd+pnM+Pu7HGX2quNu
                                                                                                                MD5:42952F9CA5587C428EC9903387A02B8D
                                                                                                                SHA1:9522AEB7C2254FE643CB19C4E215AC05B1B6D638
                                                                                                                SHA-256:10F6033868215ACBD4715ED04D20A2F714D1BCA06B571D6A3BF4B1818D019E49
                                                                                                                SHA-512:19E61FF6D5CBE678F89926F753ADDE12054A2EAD8040A45B8AA8E13095A563BC514BBCB1E48624F8FE53AE064EBA51BAC716550D9028E2D9EFB2F8AF04BD2EC3
                                                                                                                Malicious:false
                                                                                                                Preview:.K.. DPGr...ta..I..)........................................z........... ...........................c.......@...J........$..4........)...........+..:........-...........-...........-...........-...........-...........6...........6...........6...........6...........6...........7...........WINNT_40.WINNT_50.WINNT_51.WINNT_60.PARSER_VER_1.0.C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.s.p.o.o.l.\.D.R.I.V.E.R.S.\.x.6.4.\.3.\.i.m.g.p.r.i.n.t...g.p.d...StdNames.gpdC.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.s.p.o.o.l.\.D.R.I.V.E.R.S.\.x.6.4.\.3.\.S.t.d.N.a.m.e.s...g.p.d...ORIENTATION_DISPLAY.PAPER_SIZE_DISPLAY.PAPER_SOURCE_DISPLAY.RESOLUTION_DISPLAY.MEDIA_TYPE_DISPLAY.TEXT_QUALITY_DISPLAY.COLOR_PRINTING_MODE_DISPLAY.PRINTER_MEMORY_DISPLAY.TWO_SIDED_PRINTING_DISPLAY.PAGE_PROTECTION_DISPLAY.HALFTONING_DISPLAY.OUTPUTBIN_DISPLAY.IMAGECONTROL_DISPLAY.PRINTDENSITY_DISPLAY.GRAPHICSMODE_DISPLAY.TEXTHALFTONE_DISPLAY.GRAPHICSHALFTONE_DISPLAY.PHOTOHALFTONE_DISPLAY.RCID_DMPAPER_SYSTEM_NAME.LETTER_DISPLAY.LETTERS
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):7996
                                                                                                                Entropy (8bit):5.128824009655858
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                                MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                                SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                                SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                                SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                                Malicious:false
                                                                                                                Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):23812
                                                                                                                Entropy (8bit):5.102231290969022
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):14362
                                                                                                                Entropy (8bit):4.18034476253744
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):59116
                                                                                                                Entropy (8bit):5.051886370413466
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2278
                                                                                                                Entropy (8bit):4.581866117244519
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):532080
                                                                                                                Entropy (8bit):6.370246167881384
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):919664
                                                                                                                Entropy (8bit):5.991555850090375
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):856688
                                                                                                                Entropy (8bit):5.596774833480957
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):940144
                                                                                                                Entropy (8bit):6.458898363798956
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Windows\System32\spoolsv.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):7996
                                                                                                                Entropy (8bit):5.128824009655858
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                                Process:C:\Windows\System32\spoolsv.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):23812
                                                                                                                Entropy (8bit):5.102231290969022
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                                Process:C:\Windows\System32\spoolsv.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):14362
                                                                                                                Entropy (8bit):4.18034476253744
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                                Process:C:\Windows\System32\spoolsv.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):59116
                                                                                                                Entropy (8bit):5.051886370413466
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                                MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                                SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                                SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                                SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                                Malicious:false
                                                                                                                Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                                Process:C:\Windows\System32\spoolsv.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2278
                                                                                                                Entropy (8bit):4.581866117244519
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                                MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                                SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                                SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                                SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                                Malicious:false
                                                                                                                Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                                Process:C:\Windows\System32\spoolsv.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):532080
                                                                                                                Entropy (8bit):6.370246167881384
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:/TIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTz5w:/UJ/Cq2IT/PiP4dapV7LDtw
                                                                                                                MD5:1D574CE34B4086B8440B578497E4BAC6
                                                                                                                SHA1:F7C55619F693CC6465B8B877C2F9E533CB84712C
                                                                                                                SHA-256:BDCADB517FDB16078F999701B3A59CA75687CDE474F9770DF2E86AE41F9E962A
                                                                                                                SHA-512:FB1B70C392A1E292C181C3EB4C072BD56FFFAA6674025FEB86EBDC772C98CC443D8DFC7325C84E19CB41269303D8C583A44841F938F03CC517DD25E68359560F
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Windows\System32\spoolsv.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):919664
                                                                                                                Entropy (8bit):5.991555850090375
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:uH0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+Zo:u7Hdv3DyfhP2QgYPwo3ArVo
                                                                                                                MD5:816DDBD6F052DEBFCE5B7EEAE4E789FD
                                                                                                                SHA1:1DFD070CAE07E271233AF20236831DC58B3BADB6
                                                                                                                SHA-256:727FFB5B2BF5BDFFFBD090FD83911F731BB6776571ED1377F2139899709C51F0
                                                                                                                SHA-512:6A02DA315AD7E886FDC4C43C0F63409A41735FB409F144DAA04422648E45FA9E7A523CF326612412C96D3E03D451F10A2BDFEB2B6BCAD7A6D8DC474281A5978D
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                Process:C:\Windows\System32\spoolsv.exe
                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):856688
                                                                                                                Entropy (8bit):5.596774833480957
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:r9aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinL2U:paBEGbL4Np84TQazCSiR2U
                                                                                                                MD5:A64216C3C9E82E1C6D0B5CD8020D3ABD
                                                                                                                SHA1:5FC65E59EEEE9C5F1682E4EDB4C5D9EF69FCED88
                                                                                                                SHA-256:56DA81C0EABE8505A96A41BA69A3DB13F30E247C39B1393CFE65C9578E47A9EC
                                                                                                                SHA-512:079CFACC36CF4EA6E24A61B539C1A2EBC04DAE2AC93FE8EC372FA5E8934C9F93BEBC4C47188E7EC95D306ACB0E8A2C3FA2AC8605A378F30AD8C634B457168B83
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                Entropy (8bit):7.9950288299075
                                                                                                                TrID:
                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                File name:3.19.1+SetupWIService.exe
                                                                                                                File size:25'539'800 bytes
                                                                                                                MD5:a7046c3136192e6e7b5180728b3b3b49
                                                                                                                SHA1:80c172f4b988b75b9078ecfe6a40d92f353b6c73
                                                                                                                SHA256:aedddd8ca924f5ff05651559d4b13895085af42b90ef304f9ea1d8d641a8fb21
                                                                                                                SHA512:ca3db1ee665ad577cd57ebb9ef066529990980cc7e09fc07314beda839a94ce1a39c532db308aabd856bc27418b522ea7b4c0019b81917920a30ef157f4a6f6a
                                                                                                                SSDEEP:786432:MfbPh8XVA26nyfuRtRGRQ5J9fvBAKBZH+DO:MfrhSZN+yRqJ9fpeDO
                                                                                                                TLSH:1D47338DA1115367D8714630E2264F5FB2AB71ACCA734CB34703742FCB53BA7A21B999
                                                                                                                Icon Hash:336cacadb2965513
                                                                                                                Entrypoint:0x40352d
                                                                                                                Entrypoint Section:.text
                                                                                                                Digitally signed:true
                                                                                                                Imagebase:0x400000
                                                                                                                Subsystem:windows gui
                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                Time Stamp:0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC]
                                                                                                                TLS Callbacks:
                                                                                                                CLR (.Net) Version:
                                                                                                                OS Version Major:4
                                                                                                                OS Version Minor:0
                                                                                                                File Version Major:4
                                                                                                                File Version Minor:0
                                                                                                                Subsystem Version Major:4
                                                                                                                Subsystem Version Minor:0
                                                                                                                Import Hash:56a78d55f3f7af51443e58e0ce2fb5f6
                                                                                                                Signature Valid:true
                                                                                                                Signature Issuer:CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL
                                                                                                                Signature Validation Error:The operation completed successfully
                                                                                                                Error Number:0
                                                                                                                Not Before, Not After
                                                                                                                • 08/11/2024 02:02:16 08/11/2027 02:02:15
                                                                                                                Subject Chain
• CN=Wildix OÜ, O=Wildix OÜ, STREET="Laeva tn., 2", PostalCode=10111, L=Tallinn, S=Harju maakond, C=EE, SERIALNUMBER=12915667, OID.1.3.6.1.4.1.311.60.2.1.1=Tartu, OID.1.3.6.1.4.1.311.60.2.1.2=Tartu maakond, OID.1.3.6.1.4.1.311.60.2.1.3=EE, OID.2.5.4.15=Private Organization
                                                                                                                Version:3
                                                                                                                Thumbprint MD5:8D242122DFF67487607F2D0420C749C0
                                                                                                                Thumbprint SHA-1:2DA714C0EA5669329B9CB729381362B9741E2F0F
                                                                                                                Thumbprint SHA-256:BB6DCF27CB6D1C9AA885B52FEF8532723B899FC11E7527553389E40571B11117
                                                                                                                Serial:7625A04AF8C3CA38783A5126728CA6F5
                                                                                                                Instruction
                                                                                                                push ebp
                                                                                                                mov ebp, esp
                                                                                                                sub esp, 000003F4h
                                                                                                                push ebx
                                                                                                                push esi
                                                                                                                push edi
                                                                                                                push 00000020h
                                                                                                                pop edi
                                                                                                                xor ebx, ebx
                                                                                                                push 00008001h
                                                                                                                mov dword ptr [ebp-14h], ebx
                                                                                                                mov dword ptr [ebp-04h], 0040A2E0h
                                                                                                                mov dword ptr [ebp-10h], ebx
                                                                                                                call dword ptr [004080CCh]
                                                                                                                mov esi, dword ptr [004080D0h]
                                                                                                                lea eax, dword ptr [ebp-00000140h]
                                                                                                                push eax
                                                                                                                mov dword ptr [ebp-0000012Ch], ebx
                                                                                                                mov dword ptr [ebp-2Ch], ebx
                                                                                                                mov dword ptr [ebp-28h], ebx
                                                                                                                mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                                                call esi
                                                                                                                test eax, eax
                                                                                                                jne 00007F1A3C80407Ah
                                                                                                                lea eax, dword ptr [ebp-00000140h]
                                                                                                                mov dword ptr [ebp-00000140h], 00000114h
                                                                                                                push eax
                                                                                                                call esi
                                                                                                                mov ax, word ptr [ebp-0000012Ch]
                                                                                                                mov ecx, dword ptr [ebp-00000112h]
                                                                                                                sub ax, 00000053h
                                                                                                                add ecx, FFFFFFD0h
                                                                                                                neg ax
                                                                                                                sbb eax, eax
                                                                                                                mov byte ptr [ebp-26h], 00000004h
                                                                                                                not eax
                                                                                                                and eax, ecx
                                                                                                                mov word ptr [ebp-2Ch], ax
                                                                                                                cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                                                jnc 00007F1A3C80404Ah
                                                                                                                and word ptr [ebp-00000132h], 0000h
                                                                                                                mov eax, dword ptr [ebp-00000134h]
                                                                                                                movzx ecx, byte ptr [ebp-00000138h]
                                                                                                                mov dword ptr [00434FB8h], eax
                                                                                                                xor eax, eax
                                                                                                                mov ah, byte ptr [ebp-0000013Ch]
                                                                                                                movzx eax, ax
                                                                                                                or eax, ecx
                                                                                                                xor ecx, ecx
                                                                                                                mov ch, byte ptr [ebp-2Ch]
                                                                                                                movzx ecx, cx
                                                                                                                shl eax, 10h
                                                                                                                or eax, ecx
                                                                                                                Programming Language:
                                                                                                                • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x57000 | 0x191f8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1858a68 | 0x2a70 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6897 | 0x6a00 | ce9df19df15aa7bfbc0a8d0af0b841d0 | False | 0.6661261792452831 | data | 6.458398214928006 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x14a6 | 0x1600 | a118375c929d970903c1204233b7583d | False | 0.4392755681818182 | data | 5.024109281264143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x2b018 | 0x600 | 82a10c59a8679bb952fc8316070b8a6c | False | 0.521484375 | data | 4.15458210408643 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x36000 | 0x21000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x57000 | 0x191f8 | 0x19200 | ed1f2dbc21e812ed07baa21108fd923e | False | 0.703076414800995 | data | 6.749045274445358 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x57400 | 0xbc2d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 1.0004359288398066
RT_ICON | 0x63030 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.34671705243268774
RT_ICON | 0x67258 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.3989626556016598
RT_ICON | 0x69800 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6720 | English | United States | 0.43402366863905323
RT_ICON | 0x6b268 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.5145403377110694
RT_ICON | 0x6c310 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.6281982942430704
RT_ICON | 0x6d1b8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.5819672131147541
RT_ICON | 0x6db40 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.7518050541516246
RT_ICON | 0x6e3e8 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 | English | United States | 0.6302325581395349
RT_ICON | 0x6eaa0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.7427745664739884
RT_ICON | 0x6f008 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6586879432624113
RT_ICON | 0x6f470 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.46236559139784944
RT_ICON | 0x6f758 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5574324324324325
RT_DIALOG | 0x6f880 | 0x200 | data | English | United States | 0.3984375
RT_DIALOG | 0x6fa80 | 0xf8 | data | English | United States | 0.6290322580645161
RT_DIALOG | 0x6fb78 | 0xa0 | data | English | United States | 0.60625
RT_DIALOG | 0x6fc18 | 0xee | data | English | United States | 0.6302521008403361
RT_GROUP_ICON | 0x6fd08 | 0xbc | data | English | United States | 0.6595744680851063
RT_MANIFEST | 0x6fdc8 | 0x42e | XML 1.0 document, ASCII text, with very long lines (1070), with no line terminators | English | United States | 0.5130841121495328
DLL | Import
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                Jan 13, 2025 17:03:56.226712942 CET4436317052.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.227423906 CET63170443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.227459908 CET4436317052.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.228940964 CET4436317052.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.229022980 CET63170443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.235939980 CET63170443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.236032009 CET4436317052.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.236105919 CET63170443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.236120939 CET4436317052.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.287219048 CET63170443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.548202991 CET4436317052.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.548301935 CET4436317052.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.549454927 CET63170443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.549582005 CET63170443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.549603939 CET4436317052.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.549649000 CET63170443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.549654961 CET4436317052.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.671437025 CET4436317652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.671897888 CET63176443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.671936035 CET4436317652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.672862053 CET4436317652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.672919035 CET63176443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.673495054 CET63176443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.673562050 CET4436317652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.673669100 CET63176443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.673677921 CET4436317652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.724725008 CET63176443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.952009916 CET63189443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.952064991 CET4436318952.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.952661037 CET63189443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.959336996 CET63189443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.959357977 CET4436318952.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.989578009 CET4436317652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.989696026 CET4436317652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:56.990145922 CET63176443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.990645885 CET63176443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:56.990668058 CET4436317652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:57.877938986 CET4436318952.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:57.878503084 CET63189443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:57.878516912 CET4436318952.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:57.879504919 CET4436318952.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:57.879705906 CET63189443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:57.880532980 CET63189443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:57.880532980 CET63189443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:57.880543947 CET4436318952.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:57.880614042 CET4436318952.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:57.927845955 CET63189443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:57.927856922 CET4436318952.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:57.974725008 CET63189443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:58.197983027 CET4436318952.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:58.198513985 CET4436318952.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:58.198565006 CET63189443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:58.198761940 CET63189443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:58.198761940 CET63189443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:58.198781013 CET4436318952.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:58.198788881 CET4436318952.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:58.201203108 CET63203443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:58.201261044 CET4436320352.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:58.201320887 CET63203443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:58.201783895 CET63203443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:58.201802969 CET4436320352.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:59.070300102 CET4436320352.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:59.070606947 CET63203443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:59.070667982 CET4436320352.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:59.074323893 CET4436320352.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:59.074394941 CET63203443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:59.075598955 CET63203443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:59.075722933 CET63203443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:59.075731039 CET4436320352.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:59.075793982 CET4436320352.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:59.115339994 CET63203443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:59.115365028 CET4436320352.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:59.162216902 CET63203443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:59.275197983 CET63216443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:59.275340080 CET4436321652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:59.275510073 CET63216443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:59.275820017 CET63216443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:59.275860071 CET4436321652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:59.397193909 CET4436320352.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:59.397342920 CET4436320352.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:59.397459984 CET63203443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:59.397510052 CET63203443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:59.397527933 CET4436320352.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:03:59.397559881 CET63203443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:03:59.397566080 CET4436320352.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:04:00.234616995 CET4436321652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:04:00.235091925 CET63216443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:04:00.235163927 CET4436321652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:04:00.236129045 CET4436321652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:04:00.236195087 CET63216443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:04:00.236757040 CET63216443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:04:00.236833096 CET4436321652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:04:00.236923933 CET63216443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:04:00.236948013 CET4436321652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:04:00.287213087 CET63216443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:04:00.565828085 CET4436321652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:04:00.567295074 CET4436321652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:04:00.567368984 CET63216443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:04:00.567564011 CET63216443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:04:00.567588091 CET4436321652.58.254.151192.168.2.6
                                                                                                                Jan 13, 2025 17:04:00.567630053 CET63216443192.168.2.652.58.254.151
                                                                                                                Jan 13, 2025 17:04:00.567635059 CET4436321652.58.254.151192.168.2.6
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 13, 2025 17:03:44.295125008 CET | 61152 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jan 13, 2025 17:03:44.312741041 CET | 53 | 61152 | 1.1.1.1 | 192.168.2.6 |
| Jan 13, 2025 17:03:47.115818024 CET | 54246 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jan 13, 2025 17:03:47.135061979 CET | 53 | 54246 | 1.1.1.1 | 192.168.2.6 |
| Jan 13, 2025 17:03:48.608613968 CET | 53 | 63310 | 162.159.36.2 | 192.168.2.6 |
| Jan 13, 2025 17:03:49.165258884 CET | 62425 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jan 13, 2025 17:03:49.566190958 CET | 53 | 62425 | 1.1.1.1 | 192.168.2.6 |
| Jan 13, 2025 17:03:52.265439987 CET | 50066 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jan 13, 2025 17:03:52.272526026 CET | 53 | 50066 | 1.1.1.1 | 192.168.2.6 |
| Jan 13, 2025 17:03:57.879029036 CET | 60612 | 53 | 192.168.2.6 | 1.1.1.1 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 13, 2025 17:03:44.295125008 CET | 192.168.2.6 | 1.1.1.1 | 0xcaa | Standard query (0) | files.wildix.com | A (IP address) | IN (0x0001) | false |
| Jan 13, 2025 17:03:47.115818024 CET | 192.168.2.6 | 1.1.1.1 | 0x3963 | Standard query (0) | files.wildix.com | A (IP address) | IN (0x0001) | false |
| Jan 13, 2025 17:03:49.165258884 CET | 192.168.2.6 | 1.1.1.1 | 0x3be4 | Standard query (0) | 18.31.95.13.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false |
| Jan 13, 2025 17:03:52.265439987 CET | 192.168.2.6 | 1.1.1.1 | 0x356 | Standard query (0) | feedback.wildix.com | A (IP address) | IN (0x0001) | false |
| Jan 13, 2025 17:03:57.879029036 CET | 192.168.2.6 | 1.1.1.1 | 0x2e23 | Standard query (0) | crt.sectigo.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 13, 2025 17:03:44.312741041 CET | 1.1.1.1 | 192.168.2.6 | 0xcaa | No error (0) | files.wildix.com | | 18.173.205.52 | A (IP address) | IN (0x0001) | false |
| Jan 13, 2025 17:03:44.312741041 CET | 1.1.1.1 | 192.168.2.6 | 0xcaa | No error (0) | files.wildix.com | | 18.173.205.94 | A (IP address) | IN (0x0001) | false |
| Jan 13, 2025 17:03:44.312741041 CET | 1.1.1.1 | 192.168.2.6 | 0xcaa | No error (0) | files.wildix.com | | 18.173.205.16 | A (IP address) | IN (0x0001) | false |
| Jan 13, 2025 17:03:44.312741041 CET | 1.1.1.1 | 192.168.2.6 | 0xcaa | No error (0) | files.wildix.com | | 18.173.205.34 | A (IP address) | IN (0x0001) | false |
| Jan 13, 2025 17:03:47.135061979 CET | 1.1.1.1 | 192.168.2.6 | 0x3963 | No error (0) | files.wildix.com | | 18.173.205.94 | A (IP address) | IN (0x0001) | false |
| Jan 13, 2025 17:03:47.135061979 CET | 1.1.1.1 | 192.168.2.6 | 0x3963 | No error (0) | files.wildix.com | | 18.173.205.52 | A (IP address) | IN (0x0001) | false |
| Jan 13, 2025 17:03:47.135061979 CET | 1.1.1.1 | 192.168.2.6 | 0x3963 | No error (0) | files.wildix.com | | 18.173.205.16 | A (IP address) | IN (0x0001) | false |
| Jan 13, 2025 17:03:47.135061979 CET | 1.1.1.1 | 192.168.2.6 | 0x3963 | No error (0) | files.wildix.com | | 18.173.205.34 | A (IP address) | IN (0x0001) | false |
| Jan 13, 2025 17:03:49.566190958 CET | 1.1.1.1 | 192.168.2.6 | 0x3be4 | Name error (3) | 18.31.95.13.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false |
| Jan 13, 2025 17:03:52.272526026 CET | 1.1.1.1 | 192.168.2.6 | 0x356 | No error (0) | feedback.wildix.com | | 52.58.254.151 | A (IP address) | IN (0x0001) | false |
| Jan 13, 2025 17:03:52.272526026 CET | 1.1.1.1 | 192.168.2.6 | 0x356 | No error (0) | feedback.wildix.com | | 3.126.89.4 | A (IP address) | IN (0x0001) | false |
| Jan 13, 2025 17:03:57.885792971 CET | 1.1.1.1 | 192.168.2.6 | 0x2e23 | No error (0) | crt.sectigo.com | crt.comodoca.com.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false |

                                                                                                                • files.wildix.com
                                                                                                                • feedback.wildix.com
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.6 | 49807 | 18.173.205.52 | 443 | 6032 | C:\Program Files\Wildix\WIService\wiservice.exe |

Timestamp | Bytes transferred | Direction | Data

2025-01-13 16:03:45 UTC | 85 | OUT |
GET /integrations/integrations.json HTTP/1.1
Host: files.wildix.com
Accept: */*

2025-01-13 16:03:45 UTC | 592 | IN |
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 7975
Connection: close
Last-Modified: Fri, 10 Jan 2025 13:12:49 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-version: 166
x-amz-version-id: YjYDdyS796YepSojBKoWYASe.f0AG1.f
Accept-Ranges: bytes
Server: AmazonS3
Date: Mon, 13 Jan 2025 16:03:04 GMT
ETag: "113981b343e8f125f610c67c492e91ac"
X-Cache: Hit from cloudfront
Via: 1.1 e787a68a5271d06ea7b7e56fa6886dc8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P12
X-Amz-Cf-Id: 0zLEBhcRwYH95sklSxuOQvAlioUdI0mWmwYmv8THwKWQrCS550Od1g==
Age: 42
Vary: Origin

2025-01-13 16:03:45 UTC | 7975 | IN |
Data Ascii: { "version": 166, "integrations": { "browserext": { "name": { "en": "Browser extension", "en-us": "Browser extension", "it": "Estensione del browser", "de": "Browser-Erweiterung", "fr": "Extension pour


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                1 | 192.168.2.6 | 49818 | 18.173.205.52 | 443 | 6032 | C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2025-01-13 16:03:46 UTC | 85 | OUT | GET /integrations/applications.json HTTP/1.1
                                                                                                                Host: files.wildix.com
                                                                                                                Accept: */*
                                                                                                                2025-01-13 16:03:46 UTC | 594 | IN | HTTP/1.1 200 OK
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 822
                                                                                                                Connection: close
                                                                                                                Last-Modified: Mon, 13 Jan 2025 08:19:46 GMT
                                                                                                                x-amz-server-side-encryption: AES256
                                                                                                                x-amz-meta-version: 2.6.13
                                                                                                                x-amz-version-id: 7kCJ.rjGctAcOmJOSd_GIC_6SAhaMG8l
                                                                                                                Accept-Ranges: bytes
                                                                                                                Server: AmazonS3
                                                                                                                Date: Mon, 13 Jan 2025 16:03:46 GMT
                                                                                                                ETag: "41d8375f1333cd4f91990479dac50a25"
                                                                                                                X-Cache: Hit from cloudfront
                                                                                                                Via: 1.1 392cb865edfd76152c5ac655614b2f60.cloudfront.net (CloudFront)
                                                                                                                X-Amz-Cf-Pop: FRA56-P12
                                                                                                                X-Amz-Cf-Id: AQVCxCA3PhqSmQeT1uZ_Di47G7ldoskuhPWk3tceatUBFARSVxsGVg==
                                                                                                                Age: 28
                                                                                                                Vary: Origin
                                                                                                                2025-01-13 16:03:46 UTC | 822 | IN | Data Ascii: { "version": 7, "applications": { "collaboration": { "win": { "version": "2.6.13", "certId": "ff6018fd4b4d9ada7cdcdf664dda3c6bb710faa0808a68fa8eb711553a17efb7", "file": "win/colla


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                2 | 192.168.2.6 | 63142 | 52.58.254.151 | 443 | 7032 | C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2025-01-13 16:03:53 UTC | 155 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
                                                                                                                Host: feedback.wildix.com
                                                                                                                Accept: */*
                                                                                                                Content-Length: 547
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                2025-01-13 16:03:53 UTC | 547 | OUT | Data Ascii: event=wiServiceStarted&data={"appName":"wiservice","autoUpdate":"disabled","lastConnectedHost":"","lastConnectedTime":0,"version":"3.19.1.1"}&context={"arch":"x64","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","extension":"","installer":"exe","machineId"
                                                                                                                2025-01-13 16:03:53 UTC | 360 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Mon, 13 Jan 2025 16:03:53 GMT
                                                                                                                Content-Type: text/html;charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                Server: nginx/1.16.1
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Headers: accept, authorization, content-type
                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
                                                                                                                2025-01-13 16:03:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                Data Ascii: 0


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                3 | 192.168.2.6 | 63157 | 52.58.254.151 | 443 | 7032 | C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2025-01-13 16:03:55 UTC | 155 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
                                                                                                                Host: feedback.wildix.com
                                                                                                                Accept: */*
                                                                                                                Content-Length: 482
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                2025-01-13 16:03:55 UTC | 482 | OUT | Data Ascii: event=headsetKeyEvent&data={"status":"disconnected","type":"headset_status"}&context={"arch":"x64","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","extension":"","installer":"exe","machineId":"6242fb56-cede-4471-afef-e205a3569fe5","messageId":"c3d36b4f-ede
                                                                                                                2025-01-13 16:03:55 UTC | 360 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Mon, 13 Jan 2025 16:03:55 GMT
                                                                                                                Content-Type: text/html;charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                Server: nginx/1.16.1
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Headers: accept, authorization, content-type
                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
                                                                                                                2025-01-13 16:03:55 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                Data Ascii: 0


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                4 | 192.168.2.6 | 63170 | 52.58.254.151 | 443
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2025-01-13 16:03:56 UTC | 155 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
                                                                                                                Host: feedback.wildix.com
                                                                                                                Accept: */*
                                                                                                                Content-Length: 398
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                2025-01-13 16:03:56 UTC | 398 | OUT | Data Ascii: event=outlookSyncStarted&context={"arch":"x64","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","extension":"","installer":"","machineId":"","messageId":"d96adbf5-a17c-4a25-85be-8ed853c7e9a6","os":"Windows_NT","osBits":"64bit","osBuild":"","osName":"Windows
                                                                                                                2025-01-13 16:03:56 UTC | 360 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Mon, 13 Jan 2025 16:03:56 GMT
                                                                                                                Content-Type: text/html;charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                Server: nginx/1.16.1
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Headers: accept, authorization, content-type
                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
                                                                                                                2025-01-13 16:03:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                Data Ascii: 0


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                5 | 192.168.2.6 | 63176 | 52.58.254.151 | 443 | 7032 | C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2025-01-13 16:03:56 UTC | 155 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
                                                                                                                Host: feedback.wildix.com
                                                                                                                Accept: */*
                                                                                                                Content-Length: 479
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                2025-01-13 16:03:56 UTC | 479 | OUT | Data Ascii: event=headsetIntegrationConnected&data={"appName":"headset","version":""}&context={"arch":"x64","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","extension":"","installer":"exe","machineId":"6242fb56-cede-4471-afef-e205a3569fe5","messageId":"6e658043-1510-4
                                                                                                                2025-01-13 16:03:56 UTC | 360 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Mon, 13 Jan 2025 16:03:56 GMT
                                                                                                                Content-Type: text/html;charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                Server: nginx/1.16.1
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Headers: accept, authorization, content-type
                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
                                                                                                                2025-01-13 16:03:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                Data Ascii: 0


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                6 | 192.168.2.6 | 63189 | 52.58.254.151 | 443
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2025-01-13 16:03:57 UTC | 155 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
                                                                                                                Host: feedback.wildix.com
                                                                                                                Accept: */*
                                                                                                                Content-Length: 516
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                2025-01-13 16:03:57 UTC | 516 | OUT | Data Ascii: event=outlookSyncLogMessage&data={"logMessageType":"loader_failed","message":"{\"description\":\"Couldn't get session object (0 profiles)\"}"}&context={"arch":"x64","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","extension":"","installer":"","machineId":"
                                                                                                                2025-01-13 16:03:58 UTC | 360 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Mon, 13 Jan 2025 16:03:58 GMT
                                                                                                                Content-Type: text/html;charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                Server: nginx/1.16.1
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Headers: accept, authorization, content-type
                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
                                                                                                                2025-01-13 16:03:58 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                Data Ascii: 0


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                7 | 192.168.2.6 | 63203 | 52.58.254.151 | 443
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2025-01-13 16:03:59 UTC | 155 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
                                                                                                                Host: feedback.wildix.com
                                                                                                                Accept: */*
                                                                                                                Content-Length: 514
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                2025-01-13 16:03:59 UTC | 514 | OUT | Data Ascii: event=outlookSyncErrorMessage&data={"errorMessageType":"invalid_message","message":"{\"description\":\"Invalid message kind 'E_HEADSET'\"}"}&context={"arch":"x64","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","extension":"","installer":"","machineId":"",
                                                                                                                2025-01-13 16:03:59 UTC | 360 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Mon, 13 Jan 2025 16:03:59 GMT
                                                                                                                Content-Type: text/html;charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                Server: nginx/1.16.1
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Headers: accept, authorization, content-type
                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
                                                                                                                2025-01-13 16:03:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                Data Ascii: 0


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                8 | 192.168.2.6 | 63216 | 52.58.254.151 | 443 | 7032 | C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2025-01-13 16:04:00 UTC | 155 | OUT | POST /api/v1/Analytics/wiservice HTTP/1.1
                                                                                                                Host: feedback.wildix.com
                                                                                                                Accept: */*
                                                                                                                Content-Length: 502
                                                                                                                Content-Type: application/x-www-form-urlencoded
2025-01-13 16:04:00 UTC | 502 | OUT | Data Ascii: event=outlookIntegrationConnected&data={"appName":"outlook","connectionType":"WSS","version":""}&context={"arch":"x64","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","extension":"","installer":"exe","machineId":"6242fb56-cede-4471-afef-e205a3569fe5","mess
2025-01-13 16:04:00 UTC | 360 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Mon, 13 Jan 2025 16:04:00 GMT
                                                                                                                Content-Type: text/html;charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                Server: nginx/1.16.1
                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                Access-Control-Allow-Headers: accept, authorization, content-type
                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
2025-01-13 16:04:00 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                Data Ascii: 0


                                                                                                                Target ID:0
                                                                                                                Start time:11:03:17
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Users\user\Desktop\3.19.1+SetupWIService.exe"
                                                                                                                Imagebase:0x400000
                                                                                                                File size:25'539'800 bytes
                                                                                                                MD5 hash:A7046C3136192E6E7B5180728B3B3B49
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:2
                                                                                                                Start time:11:03:17
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:cmd /C taskkill /F /IM WIService.exe
                                                                                                                Imagebase:0x1c0000
                                                                                                                File size:236'544 bytes
                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:3
                                                                                                                Start time:11:03:17
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:4
                                                                                                                Start time:11:03:17
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:taskkill /F /IM WIService.exe
                                                                                                                Imagebase:0x4d0000
                                                                                                                File size:74'240 bytes
                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:5
                                                                                                                Start time:11:03:17
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:cmd /C taskkill /F /IM WIui.exe
                                                                                                                Imagebase:0x1c0000
                                                                                                                File size:236'544 bytes
                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:6
                                                                                                                Start time:11:03:17
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:7
                                                                                                                Start time:11:03:17
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:taskkill /F /IM WIui.exe
                                                                                                                Imagebase:0x4d0000
                                                                                                                File size:74'240 bytes
                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:8
                                                                                                                Start time:11:03:18
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:cmd /C taskkill /F /IM wirtpproxy.exe
                                                                                                                Imagebase:0x1c0000
                                                                                                                File size:236'544 bytes
                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:9
                                                                                                                Start time:11:03:18
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:10
                                                                                                                Start time:11:03:18
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:taskkill /F /IM wirtpproxy.exe
                                                                                                                Imagebase:0x4d0000
                                                                                                                File size:74'240 bytes
                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:11
                                                                                                                Start time:11:03:18
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:cmd /C taskkill /F /IM wiservice-ui.exe
                                                                                                                Imagebase:0x1c0000
                                                                                                                File size:236'544 bytes
                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:12
                                                                                                                Start time:11:03:18
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:13
                                                                                                                Start time:11:03:18
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:taskkill /F /IM wiservice-ui.exe
                                                                                                                Imagebase:0x4d0000
                                                                                                                File size:74'240 bytes
                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:14
                                                                                                                Start time:11:03:19
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:cmd /C taskkill /F /IM vncsrv.exe
                                                                                                                Imagebase:0x1c0000
                                                                                                                File size:236'544 bytes
                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:15
                                                                                                                Start time:11:03:19
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:16
                                                                                                                Start time:11:03:19
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:taskkill /F /IM vncsrv.exe
                                                                                                                Imagebase:0x4d0000
                                                                                                                File size:74'240 bytes
                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:17
                                                                                                                Start time:11:03:19
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:cmd /C taskkill /F /IM WildixOutlookIntegration.exe
                                                                                                                Imagebase:0x1c0000
                                                                                                                File size:236'544 bytes
                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:18
                                                                                                                Start time:11:03:19
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:19
                                                                                                                Start time:11:03:19
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:taskkill /F /IM WildixOutlookIntegration.exe
                                                                                                                Imagebase:0x4d0000
                                                                                                                File size:74'240 bytes
                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:20
                                                                                                                Start time:11:03:19
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:cmd /C taskkill /F /IM WildixOutlookSync32.exe
                                                                                                                Imagebase:0x1c0000
                                                                                                                File size:236'544 bytes
                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:21
                                                                                                                Start time:11:03:19
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:22
                                                                                                                Start time:11:03:19
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:taskkill /F /IM WildixOutlookSync32.exe
                                                                                                                Imagebase:0x4d0000
                                                                                                                File size:74'240 bytes
                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:23
                                                                                                                Start time:11:03:20
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:cmd /C taskkill /F /IM WildixOutlookSync64.exe
                                                                                                                Imagebase:0x1c0000
                                                                                                                File size:236'544 bytes
                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:24
                                                                                                                Start time:11:03:20
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:25
                                                                                                                Start time:11:03:20
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:taskkill /F /IM WildixOutlookSync64.exe
                                                                                                                Imagebase:0x4d0000
                                                                                                                File size:74'240 bytes
                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:26
                                                                                                                Start time:11:03:24
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter
                                                                                                                Imagebase:0x7ff76e6c0000
                                                                                                                File size:16'788'080 bytes
                                                                                                                MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Antivirus matches:
                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                Has exited:true

                                                                                                                Target ID:27
                                                                                                                Start time:11:03:25
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\spoolsv.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\System32\spoolsv.exe
                                                                                                                Imagebase:0x7ff7d9050000
                                                                                                                File size:842'752 bytes
                                                                                                                MD5 hash:0D4B1E3E4488E9BDC035F23E1F4FE22F
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:29
                                                                                                                Start time:11:03:26
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\spoolsv.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\System32\spoolsv.exe
                                                                                                                Imagebase:0x7ff7d9050000
                                                                                                                File size:842'752 bytes
                                                                                                                MD5 hash:0D4B1E3E4488E9BDC035F23E1F4FE22F
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:false

                                                                                                                Target ID:31
                                                                                                                Start time:11:03:32
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
                                                                                                                Imagebase:0x23038020000
                                                                                                                File size:65'168 bytes
                                                                                                                MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:32
                                                                                                                Start time:11:03:32
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:33
                                                                                                                Start time:11:03:34
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
                                                                                                                Imagebase:0x20ab8380000
                                                                                                                File size:65'168 bytes
                                                                                                                MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:34
                                                                                                                Start time:11:03:34
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:35
                                                                                                                Start time:11:03:36
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
                                                                                                                Imagebase:0x1b22d200000
                                                                                                                File size:65'168 bytes
                                                                                                                MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:36
                                                                                                                Start time:11:03:36
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:37
                                                                                                                Start time:11:03:38
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
                                                                                                                Imagebase:0x171c6f60000
                                                                                                                File size:65'168 bytes
                                                                                                                MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:38
                                                                                                                Start time:11:03:38
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:39
                                                                                                                Start time:11:03:39
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
                                                                                                                Imagebase:0x17acaad0000
                                                                                                                File size:65'168 bytes
                                                                                                                MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:40
                                                                                                                Start time:11:03:39
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:41
                                                                                                                Start time:11:03:40
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
                                                                                                                Imagebase:0x15a3f940000
                                                                                                                File size:65'168 bytes
                                                                                                                MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:42
                                                                                                                Start time:11:03:40
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:43
                                                                                                                Start time:11:03:40
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
                                                                                                                Imagebase:0x261176c0000
                                                                                                                File size:65'168 bytes
                                                                                                                MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:44
                                                                                                                Start time:11:03:40
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:45
                                                                                                                Start time:11:03:41
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
                                                                                                                Imagebase:0x1e4ed3f0000
                                                                                                                File size:65'168 bytes
                                                                                                                MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:46
                                                                                                                Start time:11:03:41
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:47
                                                                                                                Start time:11:03:41
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
                                                                                                                Imagebase:0x7ff63d690000
                                                                                                                File size:289'792 bytes
                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:48
                                                                                                                Start time:11:03:41
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:49
                                                                                                                Start time:11:03:41
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
                                                                                                                Imagebase:0x7ff7d2520000
                                                                                                                File size:235'008 bytes
                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:50
                                                                                                                Start time:11:03:42
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --update
                                                                                                                Imagebase:0x7ff76e6c0000
                                                                                                                File size:16'788'080 bytes
                                                                                                                MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:51
                                                                                                                Start time:11:03:42
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                                Imagebase:0x7ff63d690000
                                                                                                                File size:289'792 bytes
                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:52
                                                                                                                Start time:11:03:42
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:53
                                                                                                                Start time:11:03:42
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\netsh.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                                Imagebase:0x7ff7b8970000
                                                                                                                File size:96'768 bytes
                                                                                                                MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:54
                                                                                                                Start time:11:03:42
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                                Imagebase:0x7ff63d690000
                                                                                                                File size:289'792 bytes
                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:55
                                                                                                                Start time:11:03:42
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:56
                                                                                                                Start time:11:03:43
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\netsh.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                                Imagebase:0x7ff7b8970000
                                                                                                                File size:96'768 bytes
                                                                                                                MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:57
                                                                                                                Start time:11:03:43
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
                                                                                                                Imagebase:0x7ff76e6c0000
                                                                                                                File size:16'788'080 bytes
                                                                                                                MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:59
                                                                                                                Start time:11:03:45
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
                                                                                                                Imagebase:0x7ff76e6c0000
                                                                                                                File size:16'788'080 bytes
                                                                                                                MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:60
                                                                                                                Start time:11:03:45
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc
                                                                                                                Imagebase:0x7ff7403e0000
                                                                                                                File size:16'788'080 bytes
                                                                                                                MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:false

                                                                                                                Target ID:62
                                                                                                                Start time:11:03:46
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog
                                                                                                                Imagebase:0x7ff76e6c0000
                                                                                                                File size:16'788'080 bytes
                                                                                                                MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:false

                                                                                                                Target ID:63
                                                                                                                Start time:11:03:46
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher
                                                                                                                Imagebase:0x7ff76e6c0000
                                                                                                                File size:16'788'080 bytes
                                                                                                                MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:false

                                                                                                                Target ID:64
                                                                                                                Start time:11:03:47
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk"
                                                                                                                Imagebase:0x6f0000
                                                                                                                File size:5'141'208 bytes
                                                                                                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:65
                                                                                                                Start time:11:03:47
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                Imagebase:0x7ff609140000
                                                                                                                File size:5'141'208 bytes
                                                                                                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:66
                                                                                                                Start time:11:03:48
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
                                                                                                                Imagebase:0x7ff76e6c0000
                                                                                                                File size:16'788'080 bytes
                                                                                                                MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:67
                                                                                                                Start time:11:03:48
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --storeMachineId
                                                                                                                Imagebase:0x7ff6ae840000
                                                                                                                File size:16'788'080 bytes
                                                                                                                MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:68
                                                                                                                Start time:11:03:49
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                                Imagebase:0x7ff609140000
                                                                                                                File size:5'141'208 bytes
                                                                                                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:69
                                                                                                                Start time:11:03:49
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F
                                                                                                                Imagebase:0x7ff63d690000
                                                                                                                File size:289'792 bytes
                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:70
                                                                                                                Start time:11:03:50
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                Imagebase:0x7ff609140000
                                                                                                                File size:5'141'208 bytes
                                                                                                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:71
                                                                                                                Start time:11:03:49
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:72
                                                                                                                Start time:11:03:50
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:schtasks /delete /TN "Wildix\WIService update recovery" /F
                                                                                                                Imagebase:0x7ff7d2520000
                                                                                                                File size:235'008 bytes
                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:73
                                                                                                                Start time:11:03:50
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                                Imagebase:0x7ff76e6c0000
                                                                                                                File size:16'788'080 bytes
                                                                                                                MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:false

                                                                                                                Target ID:74
                                                                                                                Start time:11:03:50
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:cmd /C schtasks /delete /TN "Wildix\WIService failed update recovery" /F
                                                                                                                Imagebase:0x7ff63d690000
                                                                                                                File size:289'792 bytes
                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true

                                                                                                                Target ID:75
                                                                                                                Start time:11:03:50
                                                                                                                Start date:13/01/2025
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Has exited:true


                                                                                                                  Execution Graph

                                                                                                                  Execution Coverage:31.5%
                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                  Signature Coverage:16.7%
                                                                                                                  Total number of Nodes:1353
                                                                                                                  Total number of Limit Nodes:38
4269->4273 4310 40653d lstrcpynW 4270->4310 4271->4255 4308 4044ce SendMessageW 4272->4308 4275 404acb 4273->4275 4278 404b02 SetDlgItemTextW 4275->4278 4282 40657a 17 API calls 4275->4282 4277 404a2b 4280 40690a 5 API calls 4277->4280 4278->4253 4279 404b63 4281 40690a 5 API calls 4279->4281 4280->4256 4293 404b6a 4281->4293 4283 404aea lstrcmpiW 4282->4283 4283->4278 4285 404afb lstrcatW 4283->4285 4284 404bab 4311 40653d lstrcpynW 4284->4311 4285->4278 4287 404bb2 4288 405eb7 4 API calls 4287->4288 4289 404bb8 GetDiskFreeSpaceW 4288->4289 4291 404bdc MulDiv 4289->4291 4295 404c03 4289->4295 4291->4295 4292 405e58 2 API calls 4292->4293 4293->4284 4293->4292 4293->4295 4294 404c74 4297 404c97 4294->4297 4299 40140b 2 API calls 4294->4299 4295->4294 4296 404e0f 20 API calls 4295->4296 4298 404c61 4296->4298 4312 4044bb KiUserCallbackDispatcher 4297->4312 4300 404c76 SetDlgItemTextW 4298->4300 4301 404c66 4298->4301 4299->4297 4300->4294 4303 404d46 20 API calls 4301->4303 4303->4294 4304 404cb3 4304->4305 4306 4048e3 SendMessageW 4304->4306 4305->4258 4306->4305 4307->4251 4308->4277 4309->4262 4310->4279 4311->4287 4312->4304 3245 40290b 3246 402da6 17 API calls 3245->3246 3247 402912 FindFirstFileW 3246->3247 3248 402925 3247->3248 3249 40293a 3247->3249 3253 406484 wsprintfW 3249->3253 3251 402943 3254 40653d lstrcpynW 3251->3254 3253->3251 3254->3248 4313 40190c 4314 401943 4313->4314 4315 402da6 17 API calls 4314->4315 4316 401948 4315->4316 4317 405c49 67 API calls 4316->4317 4318 401951 4317->4318 4319 40190f 4320 402da6 17 API calls 4319->4320 4321 401916 4320->4321 4322 405b9d MessageBoxIndirectW 4321->4322 4323 40191f 4322->4323 3255 402891 3256 402898 3255->3256 3257 402ba9 3255->3257 3258 402d84 17 API calls 3256->3258 3259 40289f 3258->3259 3260 4028ae SetFilePointer 3259->3260 3260->3257 3261 4028be 3260->3261 3263 406484 wsprintfW 3261->3263 3263->3257 4324 401491 4325 40559f 24 API calls 4324->4325 4326 401498 4325->4326 3264 403b12 3265 403b2a 
3264->3265 3266 403b1c CloseHandle 3264->3266 3271 403b57 3265->3271 3266->3265 3269 405c49 67 API calls 3270 403b3b 3269->3270 3273 403b65 3271->3273 3272 403b2f 3272->3269 3273->3272 3274 403b6a FreeLibrary GlobalFree 3273->3274 3274->3272 3274->3274 4327 401f12 4328 402da6 17 API calls 4327->4328 4329 401f18 4328->4329 4330 402da6 17 API calls 4329->4330 4331 401f21 4330->4331 4332 402da6 17 API calls 4331->4332 4333 401f2a 4332->4333 4334 402da6 17 API calls 4333->4334 4335 401f33 4334->4335 4336 401423 24 API calls 4335->4336 4337 401f3a 4336->4337 4344 405b63 ShellExecuteExW 4337->4344 4339 401f82 4340 40292e 4339->4340 4341 4069b5 5 API calls 4339->4341 4342 401f9f CloseHandle 4341->4342 4342->4340 4344->4339 4345 405513 4346 405523 4345->4346 4347 405537 4345->4347 4348 405580 4346->4348 4349 405529 4346->4349 4350 40553f IsWindowVisible 4347->4350 4356 405556 4347->4356 4351 405585 CallWindowProcW 4348->4351 4352 4044e5 SendMessageW 4349->4352 4350->4348 4353 40554c 4350->4353 4354 405533 4351->4354 4352->4354 4355 404e54 5 API calls 4353->4355 4355->4356 4356->4351 4357 404ed4 4 API calls 4356->4357 4357->4348 4358 402f93 4359 402fa5 SetTimer 4358->4359 4360 402fbe 4358->4360 4359->4360 4361 403013 4360->4361 4362 402fd8 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4360->4362 4362->4361 4363 401d17 4364 402d84 17 API calls 4363->4364 4365 401d1d IsWindow 4364->4365 4366 401a20 4365->4366 3306 403f9a 3307 403fb2 3306->3307 3308 404113 3306->3308 3307->3308 3309 403fbe 3307->3309 3310 404164 3308->3310 3311 404124 GetDlgItem GetDlgItem 3308->3311 3313 403fc9 SetWindowPos 3309->3313 3314 403fdc 3309->3314 3312 4041be 3310->3312 3323 401389 2 API calls 3310->3323 3315 404499 18 API calls 3311->3315 3324 40410e 3312->3324 3377 4044e5 3312->3377 3313->3314 3317 403fe5 ShowWindow 3314->3317 3318 404027 3314->3318 3319 40414e SetClassLongW 3315->3319 3325 4040d1 3317->3325 3326 404005 GetWindowLongW 3317->3326 3320 404046 3318->3320 3321 40402f DestroyWindow 
3318->3321 3322 40140b 2 API calls 3319->3322 3328 40404b SetWindowLongW 3320->3328 3329 40405c 3320->3329 3327 404422 3321->3327 3322->3310 3330 404196 3323->3330 3399 404500 3325->3399 3326->3325 3332 40401e ShowWindow 3326->3332 3327->3324 3339 404453 ShowWindow 3327->3339 3328->3324 3329->3325 3333 404068 GetDlgItem 3329->3333 3330->3312 3334 40419a SendMessageW 3330->3334 3332->3318 3337 404096 3333->3337 3338 404079 SendMessageW IsWindowEnabled 3333->3338 3334->3324 3335 40140b 2 API calls 3345 4041d0 3335->3345 3336 404424 DestroyWindow KiUserCallbackDispatcher 3336->3327 3341 4040a3 3337->3341 3343 4040ea SendMessageW 3337->3343 3344 4040b6 3337->3344 3351 40409b 3337->3351 3338->3324 3338->3337 3339->3324 3340 40657a 17 API calls 3340->3345 3341->3343 3341->3351 3343->3325 3346 4040d3 3344->3346 3347 4040be 3344->3347 3345->3324 3345->3335 3345->3336 3345->3340 3348 404499 18 API calls 3345->3348 3368 404364 DestroyWindow 3345->3368 3380 404499 3345->3380 3349 40140b 2 API calls 3346->3349 3393 40140b 3347->3393 3348->3345 3349->3351 3351->3325 3396 404472 3351->3396 3353 40424b GetDlgItem 3354 404260 3353->3354 3355 404268 ShowWindow KiUserCallbackDispatcher 3353->3355 3354->3355 3383 4044bb KiUserCallbackDispatcher 3355->3383 3357 404292 EnableWindow 3362 4042a6 3357->3362 3358 4042ab GetSystemMenu EnableMenuItem SendMessageW 3359 4042db SendMessageW 3358->3359 3358->3362 3359->3362 3362->3358 3384 4044ce SendMessageW 3362->3384 3385 403f7b 3362->3385 3388 40653d lstrcpynW 3362->3388 3364 40430a lstrlenW 3365 40657a 17 API calls 3364->3365 3366 404320 SetWindowTextW 3365->3366 3389 401389 3366->3389 3368->3327 3369 40437e CreateDialogParamW 3368->3369 3369->3327 3370 4043b1 3369->3370 3371 404499 18 API calls 3370->3371 3372 4043bc GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3371->3372 3373 401389 2 API calls 3372->3373 3374 404402 3373->3374 3374->3324 3375 40440a ShowWindow 3374->3375 3376 4044e5 SendMessageW 3375->3376 3376->3327 3378 4044fd 
3377->3378 3379 4044ee SendMessageW 3377->3379 3378->3345 3379->3378 3381 40657a 17 API calls 3380->3381 3382 4044a4 SetDlgItemTextW 3381->3382 3382->3353 3383->3357 3384->3362 3386 40657a 17 API calls 3385->3386 3387 403f89 SetWindowTextW 3386->3387 3387->3362 3388->3364 3391 401390 3389->3391 3390 4013fe 3390->3345 3391->3390 3392 4013cb MulDiv SendMessageW 3391->3392 3392->3391 3394 401389 2 API calls 3393->3394 3395 401420 3394->3395 3395->3351 3397 404479 3396->3397 3398 40447f SendMessageW 3396->3398 3397->3398 3398->3325 3400 4045c3 3399->3400 3401 404518 GetWindowLongW 3399->3401 3400->3324 3401->3400 3402 40452d 3401->3402 3402->3400 3403 40455a GetSysColor 3402->3403 3404 40455d 3402->3404 3403->3404 3405 404563 SetTextColor 3404->3405 3406 40456d SetBkMode 3404->3406 3405->3406 3407 404585 GetSysColor 3406->3407 3408 40458b 3406->3408 3407->3408 3409 404592 SetBkColor 3408->3409 3410 40459c 3408->3410 3409->3410 3410->3400 3411 4045b6 CreateBrushIndirect 3410->3411 3412 4045af DeleteObject 3410->3412 3411->3400 3412->3411 3413 401b9b 3414 401ba8 3413->3414 3415 401bec 3413->3415 3420 401c31 3414->3420 3421 401bbf 3414->3421 3416 401bf1 3415->3416 3417 401c16 GlobalAlloc 3415->3417 3422 40239d 3416->3422 3434 40653d lstrcpynW 3416->3434 3418 40657a 17 API calls 3417->3418 3418->3420 3419 40657a 17 API calls 3423 402397 3419->3423 3420->3419 3420->3422 3432 40653d lstrcpynW 3421->3432 3435 405b9d 3423->3435 3426 401c03 GlobalFree 3426->3422 3427 401bce 3433 40653d lstrcpynW 3427->3433 3430 401bdd 3439 40653d lstrcpynW 3430->3439 3432->3427 3433->3430 3434->3426 3436 405bb2 3435->3436 3437 405bfe 3436->3437 3438 405bc6 MessageBoxIndirectW 3436->3438 3437->3422 3438->3437 3439->3422 4367 40261c 4368 402da6 17 API calls 4367->4368 4369 402623 4368->4369 4372 40602d GetFileAttributesW CreateFileW 4369->4372 4371 40262f 4372->4371 3520 40259e 3530 402de6 3520->3530 3523 402d84 17 API calls 3524 4025b1 3523->3524 3525 4025d9 RegEnumValueW 3524->3525 3526 4025cd 
RegEnumKeyW 3524->3526 3527 40292e 3524->3527 3528 4025ee RegCloseKey 3525->3528 3526->3528 3528->3527 3531 402da6 17 API calls 3530->3531 3532 402dfd 3531->3532 3533 4063aa RegOpenKeyExW 3532->3533 3534 4025a8 3533->3534 3534->3523 4373 40149e 4374 4014ac PostQuitMessage 4373->4374 4375 40239d 4373->4375 4374->4375 4376 4015a3 4377 402da6 17 API calls 4376->4377 4378 4015aa SetFileAttributesW 4377->4378 4379 4015bc 4378->4379 3535 401fa4 3536 402da6 17 API calls 3535->3536 3537 401faa 3536->3537 3538 40559f 24 API calls 3537->3538 3539 401fb4 3538->3539 3548 405b20 CreateProcessW 3539->3548 3542 40292e 3545 401fcf 3546 401fdd CloseHandle 3545->3546 3556 406484 wsprintfW 3545->3556 3546->3542 3549 405b53 CloseHandle 3548->3549 3550 401fba 3548->3550 3549->3550 3550->3542 3550->3546 3551 4069b5 WaitForSingleObject 3550->3551 3552 4069cf 3551->3552 3553 4069e1 GetExitCodeProcess 3552->3553 3557 406946 3552->3557 3553->3545 3556->3546 3558 406963 PeekMessageW 3557->3558 3559 406973 WaitForSingleObject 3558->3559 3560 406959 DispatchMessageW 3558->3560 3559->3552 3560->3558 3561 4021aa 3562 402da6 17 API calls 3561->3562 3563 4021b1 3562->3563 3564 402da6 17 API calls 3563->3564 3565 4021bb 3564->3565 3566 402da6 17 API calls 3565->3566 3567 4021c5 3566->3567 3568 402da6 17 API calls 3567->3568 3569 4021cf 3568->3569 3570 402da6 17 API calls 3569->3570 3571 4021d9 3570->3571 3572 402218 CoCreateInstance 3571->3572 3573 402da6 17 API calls 3571->3573 3576 402237 3572->3576 3573->3572 3574 401423 24 API calls 3575 4022f6 3574->3575 3576->3574 3576->3575 3577 40252a 3578 402de6 17 API calls 3577->3578 3579 402534 3578->3579 3580 402da6 17 API calls 3579->3580 3581 40253d 3580->3581 3582 402548 RegQueryValueExW 3581->3582 3587 40292e 3581->3587 3583 40256e RegCloseKey 3582->3583 3584 402568 3582->3584 3583->3587 3584->3583 3588 406484 wsprintfW 3584->3588 3588->3583 4380 40202a 4381 402da6 17 API calls 4380->4381 4382 402031 4381->4382 4383 40690a 5 API calls 4382->4383 
4384 402040 4383->4384 4385 40205c GlobalAlloc 4384->4385 4388 4020cc 4384->4388 4386 402070 4385->4386 4385->4388 4387 40690a 5 API calls 4386->4387 4389 402077 4387->4389 4390 40690a 5 API calls 4389->4390 4391 402081 4390->4391 4391->4388 4395 406484 wsprintfW 4391->4395 4393 4020ba 4396 406484 wsprintfW 4393->4396 4395->4393 4396->4388 4397 403baa 4398 403bb5 4397->4398 4399 403bb9 4398->4399 4400 403bbc GlobalAlloc 4398->4400 4400->4399 3589 40352d SetErrorMode GetVersionExW 3590 4035b7 3589->3590 3591 40357f GetVersionExW 3589->3591 3592 403610 3590->3592 3593 40690a 5 API calls 3590->3593 3591->3590 3594 40689a 3 API calls 3592->3594 3593->3592 3595 403626 lstrlenA 3594->3595 3595->3592 3596 403636 3595->3596 3597 40690a 5 API calls 3596->3597 3598 40363d 3597->3598 3599 40690a 5 API calls 3598->3599 3600 403644 3599->3600 3601 40690a 5 API calls 3600->3601 3605 403650 #17 OleInitialize SHGetFileInfoW 3601->3605 3604 40369d GetCommandLineW 3680 40653d lstrcpynW 3604->3680 3679 40653d lstrcpynW 3605->3679 3607 4036af 3608 405e39 CharNextW 3607->3608 3609 4036d5 CharNextW 3608->3609 3621 4036e6 3609->3621 3610 4037e4 3611 4037f8 GetTempPathW 3610->3611 3681 4034fc 3611->3681 3613 403810 3615 403814 GetWindowsDirectoryW lstrcatW 3613->3615 3616 40386a DeleteFileW 3613->3616 3614 405e39 CharNextW 3614->3621 3617 4034fc 12 API calls 3615->3617 3691 40307d GetTickCount GetModuleFileNameW 3616->3691 3619 403830 3617->3619 3619->3616 3622 403834 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3619->3622 3620 40387d 3624 403a59 ExitProcess CoUninitialize 3620->3624 3626 403932 3620->3626 3634 405e39 CharNextW 3620->3634 3621->3610 3621->3614 3623 4037e6 3621->3623 3625 4034fc 12 API calls 3622->3625 3775 40653d lstrcpynW 3623->3775 3628 403a69 3624->3628 3629 403a7e 3624->3629 3633 403862 3625->3633 3719 403bec 3626->3719 3630 405b9d MessageBoxIndirectW 3628->3630 3631 403a86 GetCurrentProcess OpenProcessToken 3629->3631 3632 403afc ExitProcess 
3629->3632 3636 403a76 ExitProcess 3630->3636 3637 403acc 3631->3637 3638 403a9d LookupPrivilegeValueW AdjustTokenPrivileges 3631->3638 3633->3616 3633->3624 3648 40389f 3634->3648 3641 40690a 5 API calls 3637->3641 3638->3637 3639 403941 3639->3624 3644 403ad3 3641->3644 3642 403908 3645 405f14 18 API calls 3642->3645 3643 403949 3647 405b08 5 API calls 3643->3647 3646 403ae8 ExitWindowsEx 3644->3646 3650 403af5 3644->3650 3649 403914 3645->3649 3646->3632 3646->3650 3651 40394e lstrcatW 3647->3651 3648->3642 3648->3643 3649->3624 3776 40653d lstrcpynW 3649->3776 3654 40140b 2 API calls 3650->3654 3652 40396a lstrcatW lstrcmpiW 3651->3652 3653 40395f lstrcatW 3651->3653 3652->3639 3655 40398a 3652->3655 3653->3652 3654->3632 3657 403996 3655->3657 3658 40398f 3655->3658 3661 405aeb 2 API calls 3657->3661 3660 405a6e 4 API calls 3658->3660 3659 403927 3777 40653d lstrcpynW 3659->3777 3663 403994 3660->3663 3664 40399b SetCurrentDirectoryW 3661->3664 3663->3664 3665 4039b8 3664->3665 3666 4039ad 3664->3666 3779 40653d lstrcpynW 3665->3779 3778 40653d lstrcpynW 3666->3778 3669 40657a 17 API calls 3670 4039fa DeleteFileW 3669->3670 3671 403a06 CopyFileW 3670->3671 3676 4039c5 3670->3676 3671->3676 3672 403a50 3674 4062fd 36 API calls 3672->3674 3673 4062fd 36 API calls 3673->3676 3674->3639 3675 40657a 17 API calls 3675->3676 3676->3669 3676->3672 3676->3673 3676->3675 3677 405b20 2 API calls 3676->3677 3678 403a3a CloseHandle 3676->3678 3677->3676 3678->3676 3679->3604 3680->3607 3682 4067c4 5 API calls 3681->3682 3684 403508 3682->3684 3683 403512 3683->3613 3684->3683 3685 405e0c 3 API calls 3684->3685 3686 40351a 3685->3686 3687 405aeb 2 API calls 3686->3687 3688 403520 3687->3688 3689 40605c 2 API calls 3688->3689 3690 40352b 3689->3690 3690->3613 3780 40602d GetFileAttributesW CreateFileW 3691->3780 3693 4030bd 3711 4030cd 3693->3711 3781 40653d lstrcpynW 3693->3781 3695 4030e3 3696 405e58 2 API calls 3695->3696 3697 4030e9 3696->3697 3782 40653d lstrcpynW 
3697->3782 3699 4030f4 GetFileSize 3700 4031ee 3699->3700 3718 40310b 3699->3718 3783 403019 3700->3783 3702 4031f7 3704 403227 GlobalAlloc 3702->3704 3702->3711 3795 4034e5 SetFilePointer 3702->3795 3703 4034cf ReadFile 3703->3718 3794 4034e5 SetFilePointer 3704->3794 3706 40325a 3708 403019 6 API calls 3706->3708 3708->3711 3709 403210 3712 4034cf ReadFile 3709->3712 3710 403242 3713 4032b4 31 API calls 3710->3713 3711->3620 3714 40321b 3712->3714 3716 40324e 3713->3716 3714->3704 3714->3711 3715 403019 6 API calls 3715->3718 3716->3711 3716->3716 3717 40328b SetFilePointer 3716->3717 3717->3711 3718->3700 3718->3703 3718->3706 3718->3711 3718->3715 3720 40690a 5 API calls 3719->3720 3721 403c00 3720->3721 3722 403c06 3721->3722 3723 403c18 3721->3723 3804 406484 wsprintfW 3722->3804 3724 40640b 3 API calls 3723->3724 3725 403c48 3724->3725 3727 403c67 lstrcatW 3725->3727 3729 40640b 3 API calls 3725->3729 3728 403c16 3727->3728 3796 403ec2 3728->3796 3729->3727 3732 405f14 18 API calls 3733 403c99 3732->3733 3734 403d2d 3733->3734 3736 40640b 3 API calls 3733->3736 3735 405f14 18 API calls 3734->3735 3737 403d33 3735->3737 3738 403ccb 3736->3738 3739 403d43 LoadImageW 3737->3739 3740 40657a 17 API calls 3737->3740 3738->3734 3743 403cec lstrlenW 3738->3743 3746 405e39 CharNextW 3738->3746 3741 403de9 3739->3741 3742 403d6a RegisterClassW 3739->3742 3740->3739 3745 40140b 2 API calls 3741->3745 3744 403da0 SystemParametersInfoW CreateWindowExW 3742->3744 3774 403df3 3742->3774 3747 403d20 3743->3747 3748 403cfa lstrcmpiW 3743->3748 3744->3741 3752 403def 3745->3752 3750 403ce9 3746->3750 3749 405e0c 3 API calls 3747->3749 3748->3747 3751 403d0a GetFileAttributesW 3748->3751 3754 403d26 3749->3754 3750->3743 3755 403d16 3751->3755 3753 403ec2 18 API calls 3752->3753 3752->3774 3756 403e00 3753->3756 3805 40653d lstrcpynW 3754->3805 3755->3747 3758 405e58 2 API calls 3755->3758 3759 403e0c ShowWindow 3756->3759 3760 403e8f 3756->3760 3758->3747 3762 40689a 3 API 
calls 3759->3762 3761 405672 5 API calls 3760->3761 3763 403e95 3761->3763 3764 403e24 3762->3764 3765 403eb1 3763->3765 3766 403e99 3763->3766 3767 403e32 GetClassInfoW 3764->3767 3769 40689a 3 API calls 3764->3769 3768 40140b 2 API calls 3765->3768 3772 40140b 2 API calls 3766->3772 3766->3774 3770 403e46 GetClassInfoW RegisterClassW 3767->3770 3771 403e5c DialogBoxParamW 3767->3771 3768->3774 3769->3767 3770->3771 3773 40140b 2 API calls 3771->3773 3772->3774 3773->3774 3774->3639 3775->3611 3776->3659 3777->3626 3778->3665 3779->3676 3780->3693 3781->3695 3782->3699 3784 403022 3783->3784 3785 40303a 3783->3785 3786 403032 3784->3786 3787 40302b DestroyWindow 3784->3787 3788 403042 3785->3788 3789 40304a GetTickCount 3785->3789 3786->3702 3787->3786 3790 406946 2 API calls 3788->3790 3791 403058 CreateDialogParamW ShowWindow 3789->3791 3792 40307b 3789->3792 3793 403048 3790->3793 3791->3792 3792->3702 3793->3702 3794->3710 3795->3709 3797 403ed6 3796->3797 3806 406484 wsprintfW 3797->3806 3799 403f47 3800 403f7b 18 API calls 3799->3800 3802 403f4c 3800->3802 3801 403c77 3801->3732 3802->3801 3803 40657a 17 API calls 3802->3803 3803->3802 3804->3728 3805->3734 3806->3799 4401 401a30 4402 402da6 17 API calls 4401->4402 4403 401a39 ExpandEnvironmentStringsW 4402->4403 4404 401a4d 4403->4404 4406 401a60 4403->4406 4405 401a52 lstrcmpW 4404->4405 4404->4406 4405->4406 4412 4023b2 4413 4023c0 4412->4413 4414 4023ba 4412->4414 4416 4023ce 4413->4416 4417 402da6 17 API calls 4413->4417 4415 402da6 17 API calls 4414->4415 4415->4413 4418 402da6 17 API calls 4416->4418 4420 4023dc 4416->4420 4417->4416 4418->4420 4419 402da6 17 API calls 4421 4023e5 WritePrivateProfileStringW 4419->4421 4420->4419 3848 402434 3849 402467 3848->3849 3850 40243c 3848->3850 3851 402da6 17 API calls 3849->3851 3852 402de6 17 API calls 3850->3852 3853 40246e 3851->3853 3854 402443 3852->3854 3859 402e64 3853->3859 3856 40247b 3854->3856 3857 402da6 17 API calls 3854->3857 3858 402454 
RegDeleteValueW RegCloseKey 3857->3858 3858->3856 3860 402e71 3859->3860 3861 402e78 3859->3861 3860->3856 3861->3860 3863 402ea9 3861->3863 3864 4063aa RegOpenKeyExW 3863->3864 3865 402ed7 3864->3865 3866 402ee1 3865->3866 3867 402f8c 3865->3867 3868 402ee7 RegEnumValueW 3866->3868 3869 402f0a 3866->3869 3867->3860 3868->3869 3870 402f71 RegCloseKey 3868->3870 3869->3870 3871 402f46 RegEnumKeyW 3869->3871 3872 402f4f RegCloseKey 3869->3872 3875 402ea9 6 API calls 3869->3875 3870->3867 3871->3869 3871->3872 3873 40690a 5 API calls 3872->3873 3874 402f5f 3873->3874 3876 402f81 3874->3876 3877 402f63 RegDeleteKeyW 3874->3877 3875->3869 3876->3867 3877->3867 4422 401735 4423 402da6 17 API calls 4422->4423 4424 40173c SearchPathW 4423->4424 4425 401757 4424->4425 4426 401d38 4427 402d84 17 API calls 4426->4427 4428 401d3f 4427->4428 4429 402d84 17 API calls 4428->4429 4430 401d4b GetDlgItem 4429->4430 4431 402638 4430->4431 4432 4014b8 4433 4014be 4432->4433 4434 401389 2 API calls 4433->4434 4435 4014c6 4434->4435 4436 40263e 4437 402652 4436->4437 4438 40266d 4436->4438 4439 402d84 17 API calls 4437->4439 4440 402672 4438->4440 4441 40269d 4438->4441 4448 402659 4439->4448 4442 402da6 17 API calls 4440->4442 4443 402da6 17 API calls 4441->4443 4445 402679 4442->4445 4444 4026a4 lstrlenW 4443->4444 4444->4448 4453 40655f WideCharToMultiByte 4445->4453 4447 40268d lstrlenA 4447->4448 4449 4026d1 4448->4449 4450 4026e7 4448->4450 4452 40610e 5 API calls 4448->4452 4449->4450 4451 4060df WriteFile 4449->4451 4451->4450 4452->4449 4453->4447

Control-flow Graph (node 0: 40352d-40357d; legend: Executed / Not Executed)
APIs
• SetErrorMode.KERNELBASE(00008001), ref: 00403550
• GetVersionExW.KERNEL32(?), ref: 00403579
• GetVersionExW.KERNEL32(0000011C), ref: 00403590
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
• #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
• OleInitialize.OLE32(00000000), ref: 0040366A
• SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
• GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
• CharNextW.USER32(00000000,"C:\Users\user\Desktop\3.19.1+SetupWIService.exe",00000020,"C:\Users\user\Desktop\3.19.1+SetupWIService.exe",00000000), ref: 004036D6
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
• DeleteFileW.KERNELBASE(1033), ref: 0040386F
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\3.19.1+SetupWIService.exe",00000000,?), ref: 00403956
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\3.19.1+SetupWIService.exe",00000000,?), ref: 00403965
  • Part of subcall function 00405AEB: CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\3.19.1+SetupWIService.exe",00000000,?), ref: 00403970
• lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\3.19.1+SetupWIService.exe",00000000,?), ref: 0040397C
• SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
• DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
• CopyFileW.KERNEL32(C:\Users\user\Desktop\3.19.1+SetupWIService.exe,0042AA28,00000001), ref: 00403A0E
• CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
• ExitProcess.KERNEL32(?), ref: 00403A59
• CoUninitialize.COMBASE(?), ref: 00403A5E
• ExitProcess.KERNEL32 ref: 00403A78
• GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
• OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
                                                                                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
                                                                                                                  • ExitProcess.KERNEL32 ref: 00403B0C
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.2476788349.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476861445.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2477184964.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                  • String ID: "C:\Users\user\Desktop\3.19.1+SetupWIService.exe"$.tmp$1033$C:\Program Files\Wildix\WIService$C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\3.19.1+SetupWIService.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                  • API String ID: 2292928366-3990531059
                                                                                                                  • Opcode ID: 31f77c8a8b3a3ad3f5f74e486622c6887c952165384ea8b63ade3724d5224d7f
                                                                                                                  • Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
                                                                                                                  • Opcode Fuzzy Hash: 31f77c8a8b3a3ad3f5f74e486622c6887c952165384ea8b63ade3724d5224d7f
                                                                                                                  • Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D

                                                                                                                  APIs
                                                                                                                  • GetDlgItem.USER32(?,00000403), ref: 0040573C
                                                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 0040574B
                                                                                                                  • GetClientRect.USER32(?,?), ref: 00405788
                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 0040578F
                                                                                                                  • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 0040584C
                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 0040575A
                                                                                                                    • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 0040589E
                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,Function_00005672,00000000), ref: 004058AC
                                                                                                                  • CloseHandle.KERNELBASE(00000000), ref: 004058B3
                                                                                                                  • ShowWindow.USER32(00000000), ref: 004058D7
                                                                                                                  • ShowWindow.USER32(00010420,00000008), ref: 004058DC
                                                                                                                  • ShowWindow.USER32(00000008), ref: 00405926
                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                                                                  • CreatePopupMenu.USER32 ref: 0040596B
                                                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
                                                                                                                  • GetWindowRect.USER32(?,?), ref: 0040599F
                                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                                                                  • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                                                                  • EmptyClipboard.USER32 ref: 00405A06
                                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405A1C
                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
                                                                                                                  • CloseClipboard.USER32 ref: 00405A61
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                  • String ID: {
                                                                                                                  • API String ID: 590372296-366298937
                                                                                                                  • Opcode ID: 943fc32418130b232fc7306fa704d0383798a9d724e6e480ce665c9b6ea9918b
                                                                                                                  • Instruction ID: 6b97441d6f4cfe62a880681573964a63c423f2dd70b2063085686802d9cc5617
                                                                                                                  • Opcode Fuzzy Hash: 943fc32418130b232fc7306fa704d0383798a9d724e6e480ce665c9b6ea9918b
                                                                                                                  • Instruction Fuzzy Hash: C8B169B1900608FFDB119FA0DD85AAE7B79FB44355F00803AFA41BA1A0C7755E51DF58

                                                                                                                  APIs
                                                                                                                  • DeleteFileW.KERNELBASE(?,?,76233420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\*.*,?,?,76233420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CBA
                                                                                                                  • lstrcatW.KERNEL32(?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\*.*,?,?,76233420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CDD
                                                                                                                  • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\*.*,?,?,76233420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
                                                                                                                  • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\*.*,?,?,76233420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
                                                                                                                  • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00405DA2
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                  • String ID: .$.$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\*.*$\*.*
                                                                                                                  • API String ID: 2035342205-67763201
                                                                                                                  • Opcode ID: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                                                  • Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
                                                                                                                  • Opcode Fuzzy Hash: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                                                  • Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE
                                                                                                                  APIs
                                                                                                                  • FindFirstFileW.KERNELBASE(?,004302B8,C:\,00405F5D,C:\,C:\,00000000,C:\,C:\, 4#v,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76233420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                                                                                                                  • FindClose.KERNELBASE(00000000), ref: 0040688A
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                  • String ID: C:\
                                                                                                                  • API String ID: 2295610775-3404278061
                                                                                                                  • Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                  • Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
                                                                                                                  • Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                  • Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD
                                                                                                                  APIs
                                                                                                                  • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                  Strings
                                                                                                                  • C:\Program Files\Wildix\WIService, xrefs: 00402269
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateInstance
                                                                                                                  • String ID: C:\Program Files\Wildix\WIService
                                                                                                                  • API String ID: 542301482-2436880260
                                                                                                                  • Opcode ID: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                                                  • Instruction ID: 5977cb51530078b600b156af0050786de557c4b464dd586e6a5beaa7a0440451
                                                                                                                  • Opcode Fuzzy Hash: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                                                  • Instruction Fuzzy Hash: A7411571A00208EFCF40DFE4C989E9D7BB5BF49348B20456AF905EB2D1DB799981CB94
                                                                                                                  APIs
                                                                                                                  • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 0040291A
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: FileFindFirst
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1974802433-0
                                                                                                                  • Opcode ID: 23bc45f7dafbc09bf3d58dfb9668e04a20f74da7ffae18e0ad0b6f577034eb1d
                                                                                                                  • Instruction ID: 3f6fbcf0fd4d311cdd608d5f72697756ed96b8559223cd5d9f1c4d92bc61f1b3
                                                                                                                  • Opcode Fuzzy Hash: 23bc45f7dafbc09bf3d58dfb9668e04a20f74da7ffae18e0ad0b6f577034eb1d
                                                                                                                  • Instruction Fuzzy Hash: 3CF08271A04105EFD701DBA4ED49AAEB378FF14314F60417BE116F21D0E7B88E159B29

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                                                                  • ShowWindow.USER32(?), ref: 00403FF6
                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                                                                  • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                                                                  • DestroyWindow.USER32 ref: 00404035
                                                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
                                                                                                                  • GetDlgItem.USER32(?,?), ref: 0040406D
                                                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 00404133
                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 0040413D
                                                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                                                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                                                                  • GetDlgItem.USER32(?,00000003), ref: 0040424E
                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                                                                  • EnableWindow.USER32(?,?), ref: 0040429C
                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                                                                  • EnableMenuItem.USER32(00000000), ref: 004042B9
                                                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                                                                  • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                                                                  • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 121052019-0
                                                                                                                  • Opcode ID: f65e638bec718107b599af9a82b264fc0764d6b1c1dffbdcb4ef221558e01a13
                                                                                                                  • Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
                                                                                                                  • Opcode Fuzzy Hash: f65e638bec718107b599af9a82b264fc0764d6b1c1dffbdcb4ef221558e01a13
                                                                                                                  • Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                    • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                    • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                  • lstrcatW.KERNEL32(1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,76233420,C:\Users\user\AppData\Local\Temp\,?,00000000,?), ref: 00403C6D
                                                                                                                  • lstrlenW.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,76233420), ref: 00403CED
                                                                                                                  • lstrcmpiW.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                                                                  • GetFileAttributesW.KERNEL32(Remove folder: ,?,00000000,?), ref: 00403D0B
                                                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files\Wildix\WIService), ref: 00403D54
                                                                                                                    • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                  • RegisterClassW.USER32(00433EA0), ref: 00403D91
                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
                                                                                                                  • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
                                                                                                                  • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
                                                                                                                  • RegisterClassW.USER32(00433EA0), ref: 00403E56
                                                                                                                  • DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                  • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                  • API String ID: 1975747703-3798331521
                                                                                                                  • Opcode ID: d676aef2f71fbad829aa91df8609c37157257c620a924ef9afc500929f8c8bb5
                                                                                                                  • Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
                                                                                                                  • Opcode Fuzzy Hash: d676aef2f71fbad829aa91df8609c37157257c620a924ef9afc500929f8c8bb5
                                                                                                                  • Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D

                                                                                                                  APIs
                                                                                                                  • GetTickCount.KERNEL32 ref: 0040308E
                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                                                                    • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                    • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\3.19.1+SetupWIService.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@

                                                                                                                  APIs
                                                                                                                  • GetSystemDirectoryW.KERNEL32(Remove folder: ,00000400), ref: 00406695
                                                                                                                  • GetWindowsDirectoryW.KERNEL32(Remove folder: ,00000400,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000,00000000,00425020,762323A0), ref: 004066A8
                                                                                                                  • lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                  • lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000), ref: 00406779
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                  • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CountTick$wsprintf
                                                                                                                  • String ID: *B$ PB$ A$ A$... %d%%$}8@

                                                                                                                  APIs
                                                                                                                  • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Program Files\Wildix\WIService,?,?,00000031), ref: 004017B0
                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Program Files\Wildix\WIService,?,?,00000031), ref: 004017D5
                                                                                                                    • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000,00425020,762323A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000,00425020,762323A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                    • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00403418,00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000,00425020,762323A0), ref: 004055FA
                                                                                                                    • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\), ref: 0040560C
                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                  • String ID: C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\nsq2C47.tmp$C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\System.dll$Call

                                                                                                                  APIs
                                                                                                                  • lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000,00425020,762323A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                  • lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000,00425020,762323A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                  • lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00403418,00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000,00425020,762323A0), ref: 004055FA
                                                                                                                  • SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\), ref: 0040560C
                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                    • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                    • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000), ref: 00406779
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                  • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\
                                                                                                                  • API String ID: 1495540970-1413779867

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 705 40689a-4068ba GetSystemDirectoryW 706 4068bc 705->706 707 4068be-4068c0 705->707 706->707 708 4068d1-4068d3 707->708 709 4068c2-4068cb 707->709 711 4068d4-406907 wsprintfW LoadLibraryExW 708->711 709->708 710 4068cd-4068cf 709->710 710->711
                                                                                                                  APIs
                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                  • wsprintfW.USER32 ref: 004068EC
                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                  • String ID: %s%S.dll$UXTHEME$\
                                                                                                                  • API String ID: 2200240437-1946221925

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 712 405f14-405f2f call 40653d call 405eb7 717 405f31-405f33 712->717 718 405f35-405f42 call 4067c4 712->718 719 405f8d-405f8f 717->719 722 405f52-405f56 718->722 723 405f44-405f4a 718->723 724 405f6c-405f75 lstrlenW 722->724 723->717 725 405f4c-405f50 723->725 726 405f77-405f8b call 405e0c GetFileAttributesW 724->726 727 405f58-405f5f call 406873 724->727 725->717 725->722 726->719 732 405f61-405f64 727->732 733 405f66-405f67 call 405e58 727->733 732->717 732->733 733->724
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\, 4#v,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76233420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                  • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\, 4#v,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76233420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                                                                  • GetFileAttributesW.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\, 4#v,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76233420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                  • String ID: 4#v$C:\$C:\Users\user\AppData\Local\Temp\
                                                                                                                  • API String ID: 3248276644-1150081906

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 735 405a6e-405ab9 CreateDirectoryW 736 405abb-405abd 735->736 737 405abf-405acc GetLastError 735->737 738 405ae6-405ae8 736->738 737->738 739 405ace-405ae2 SetFileSecurityW 737->739 739->736 740 405ae4 GetLastError 739->740 740->738
                                                                                                                  APIs
                                                                                                                  • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                  • GetLastError.KERNEL32 ref: 00405AC5
                                                                                                                  • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                                                                  • GetLastError.KERNEL32 ref: 00405AE4
                                                                                                                  Strings
                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                  • API String ID: 3449924974-3936084776

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 741 402ea9-402ed2 call 4063aa 743 402ed7-402edb 741->743 744 402ee1-402ee5 743->744 745 402f8c-402f90 743->745 746 402ee7-402f08 RegEnumValueW 744->746 747 402f0a-402f1d 744->747 746->747 748 402f71-402f7f RegCloseKey 746->748 749 402f46-402f4d RegEnumKeyW 747->749 748->745 750 402f1f-402f21 749->750 751 402f4f-402f61 RegCloseKey call 40690a 749->751 750->748 753 402f23-402f37 call 402ea9 750->753 756 402f81-402f87 751->756 757 402f63-402f6f RegDeleteKeyW 751->757 753->751 759 402f39-402f45 753->759 756->745 757->745 759->749
                                                                                                                  APIs
                                                                                                                  • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseEnum$DeleteValue
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1354259210-0

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 760 401d81-401d85 761 401d94-401d9a GetDlgItem 760->761 762 401d87-401d92 call 402d84 760->762 763 401da0-401dcc 761->763 762->763 766 401dd7 763->766 767 401dce-401dd5 call 402da6 763->767 769 401ddb-401e31 GetClientRect LoadImageW SendMessageW 766->769 767->769 771 401e33-401e36 769->771 772 401e3f-401e42 769->772 771->772 773 401e38-401e39 DeleteObject 771->773 774 401e48 772->774 775 402c2a-402c39 772->775 773->772 774->775
                                                                                                                  APIs
                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                  • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                  • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                  • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1849352358-0
                                                                                                                  • Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                  • Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
                                                                                                                  • Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                  • Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98
                                                                                                                  APIs
                                                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                  • String ID: !
                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                  • Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                  • Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
                                                                                                                  • Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                  • Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98
                                                                                                                  APIs
                                                                                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq2C47.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                  • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsq2C47.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                  • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsq2C47.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseValuelstrlen
                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp
                                                                                                                  • API String ID: 2655323295-2222702315
                                                                                                                  • Opcode ID: 3f2741e17913f4b3ae47e715a678bc9f1b76d5c80f35dbb4c6e867a5b8f0e772
                                                                                                                  • Instruction ID: a32c4fc66ba480c3aafb49ec1434dbeb720bd0d2787204a1d049ba7b64bbfaa1
                                                                                                                  • Opcode Fuzzy Hash: 3f2741e17913f4b3ae47e715a678bc9f1b76d5c80f35dbb4c6e867a5b8f0e772
                                                                                                                  • Instruction Fuzzy Hash: 8B118E71E00119BEEF10AFA5DE49EAEBAB8FF44358F15443AF504F61C1D7B88D40AA58
                                                                                                                  APIs
                                                                                                                  • GetTickCount.KERNEL32 ref: 0040607A
                                                                                                                  • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CountFileNameTempTick
                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                  • API String ID: 1716503409-1857211195
                                                                                                                  • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                  • Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
                                                                                                                  • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                  • Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\, 4#v,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76233420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                    • Part of subcall function 00405A6E: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,C:\Program Files\Wildix\WIService,?,00000000,000000F0), ref: 0040164D
                                                                                                                  Strings
                                                                                                                  • C:\Program Files\Wildix\WIService, xrefs: 00401640
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                  • String ID: C:\Program Files\Wildix\WIService
                                                                                                                  • API String ID: 1892508949-2436880260
                                                                                                                  • Opcode ID: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                                                                  • Instruction ID: 910f9ca0e916fbda017ea5bccd1daba2d9720f9cae8b5c5670dceb894c5ef12e
                                                                                                                  • Opcode Fuzzy Hash: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                                                                  • Instruction Fuzzy Hash: 3E11D031504110EBCF216FA5CD4099F36A0EF25369B28493BE945B52F1DA3E4A829A8E
                                                                                                                  APIs
                                                                                                                  • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Remove folder: ,?,?,00406672,80000002), ref: 00406451
                                                                                                                  • RegCloseKey.KERNELBASE(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\), ref: 0040645C
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseQueryValue
                                                                                                                  • String ID: Remove folder:
                                                                                                                  • API String ID: 3356406503-1958208860
                                                                                                                  • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                  • Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
                                                                                                                  • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                  • Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8
                                                                                                                  APIs
                                                                                                                  • FreeLibrary.KERNELBASE(?,76233420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00403B78
                                                                                                                  Strings
                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Free$GlobalLibrary
                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                  • API String ID: 1100898210-3936084776
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103
                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000,00425020,762323A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000,00425020,762323A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                    • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00403418,00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000,00425020,762323A0), ref: 004055FA
                                                                                                                    • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\), ref: 0040560C
                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                  • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 334405425-0
                                                                                                                  APIs
                                                                                                                  • GlobalFree.KERNEL32(00618228), ref: 00401C0B
                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C1D
                                                                                                                    • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                    • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000), ref: 00406779
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Global$AllocFreelstrcatlstrlen
                                                                                                                  • String ID: Call
                                                                                                                  • API String ID: 3292104215-1824292864
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00405B63: ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                                                    • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                    • Part of subcall function 004069B5: GetExitCodeProcess.KERNELBASE(?,?), ref: 004069E8
                                                                                                                  • CloseHandle.KERNELBASE(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseCodeExecuteExitHandleObjectProcessShellSingleWait
                                                                                                                  • String ID: @$C:\Program Files\Wildix\WIService
                                                                                                                  • API String ID: 165873841-3745962701
                                                                                                                  APIs
                                                                                                                  • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                                                                  • RegEnumValueW.KERNELBASE(00000000,00000000,?,?), ref: 004025E4
                                                                                                                  • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsq2C47.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Enum$CloseValue
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 397863658-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00406008: GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                    • Part of subcall function 00406008: SetFileAttributesW.KERNELBASE(?,00000000), ref: 00406021
                                                                                                                  • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405DE3), ref: 00405C1C
                                                                                                                  • DeleteFileW.KERNELBASE(?,?,?,00000000,00405DE3), ref: 00405C24
                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405C3C
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1655745494-0
                                                                                                                  APIs
                                                                                                                  • WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                  • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 004069DB
                                                                                                                  • GetExitCodeProcess.KERNELBASE(?,?), ref: 004069E8
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ObjectSingleWait$CodeExitProcess
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2567322000-0
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(00000408,?,00000000,004040D1), ref: 00404490
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend
                                                                                                                  • String ID: x
                                                                                                                  • API String ID: 3850602802-2363233923
                                                                                                                  APIs
                                                                                                                  • RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                                                  • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsq2C47.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseQueryValue
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3356406503-0
                                                                                                                  APIs
                                                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                  • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3850602802-0
                                                                                                                  APIs
                                                                                                                  • RegDeleteValueW.KERNELBASE(00000000,00000000,00000033), ref: 00402456
                                                                                                                  • RegCloseKey.KERNELBASE(00000000), ref: 0040245F
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseDeleteValue
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2831762973-0
                                                                                                                  APIs
                                                                                                                  • OleInitialize.OLE32(00000000), ref: 00405682
                                                                                                                    • Part of subcall function 004044E5: SendMessageW.USER32(00060464,00000000,00000000,00000000), ref: 004044F7
                                                                                                                  • CoUninitialize.COMBASE(00000404,00000000,?,00000000,?), ref: 004056CE
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeMessageSendUninitialize
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2896919175-0
                                                                                                                  APIs
                                                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$EnableShow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1136574915-0
                                                                                                                  APIs
                                                                                                                  • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3712363035-0
                                                                                                                  • Opcode ID: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                                                  • Instruction ID: 0547baa0b497a95b6ed0e8f273b1969b1ac2c9598ef2001c301bcde660c6e2d6
                                                                                                                  • Opcode Fuzzy Hash: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                                                  • Instruction Fuzzy Hash: 3EE092B4600209BFEB10AB64AE49F7B7AACEB04704F004565BA51E61A1DB78E8158A78
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                    • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                    • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                                                                    • Part of subcall function 0040689A: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2547128583-0
                                                                                                                  • Opcode ID: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                  • Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
                                                                                                                  • Opcode Fuzzy Hash: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                  • Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(?,0000000B,00000001), ref: 00402C14
                                                                                                                  • InvalidateRect.USER32(?), ref: 00402C24
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InvalidateMessageRectSend
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 909852535-0
                                                                                                                  • Opcode ID: 0509652848a83ac1d7feddac23dc24ced32f84c0220a85d8a6f2313ae5a63aab
                                                                                                                  • Instruction ID: 5efb85e177e5feb05262591b5578bbf68be0fc1facb886aaf0ec985341d6bcc2
                                                                                                                  • Opcode Fuzzy Hash: 0509652848a83ac1d7feddac23dc24ced32f84c0220a85d8a6f2313ae5a63aab
                                                                                                                  • Instruction Fuzzy Hash: CEE08C72700008FFEB01CBA4EE84DAEB779FB40315B00007AF502A00A0D7300D40DA28
                                                                                                                  APIs
                                                                                                                  • GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                  • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 415043291-0
                                                                                                                  • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                  • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                                                                  • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                  • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                                                                  APIs
                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                  • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00406021
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AttributesFile
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3188754299-0
                                                                                                                  • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                  • Instruction ID: c979a2e86073268fb5c10017c0603d576bb262e7e1663e1e1b2ee048d1a5e24b
                                                                                                                  • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                  • Instruction Fuzzy Hash: 34D012725041316FC2102728EF0C89BBF55EF643717014B35F9A5A22F0CB304C638A98
                                                                                                                  APIs
                                                                                                                  • CloseHandle.KERNEL32(FFFFFFFF,00403A5E,?), ref: 00403B1D
                                                                                                                  Strings
                                                                                                                  • C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\, xrefs: 00403B31
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseHandle
                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\
                                                                                                                  • API String ID: 2962429428-2273554972
                                                                                                                  • Opcode ID: e86ec88962d2cddd060eb64ec5e150871475ae72b9f2b14f7d4b77a190cc5563
                                                                                                                  • Instruction ID: 74b342ff74dc5917d60848dc34610585f5de2c5243f802b65b47dd8438b48b4d
                                                                                                                  • Opcode Fuzzy Hash: e86ec88962d2cddd060eb64ec5e150871475ae72b9f2b14f7d4b77a190cc5563
                                                                                                                  • Instruction Fuzzy Hash: 5EC0123050470056D1646F749E4FE153B64AB4073EB600325B0F9B10F1CB3C5759895D
                                                                                                                  APIs
                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                  • GetLastError.KERNEL32 ref: 00405AFF
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1375471231-0
                                                                                                                  • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                  • Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
                                                                                                                  • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                  • Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D
                                                                                                                  APIs
                                                                                                                  • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004028AF
                                                                                                                    • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.2476788349.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476861445.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2477184964.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FilePointerwsprintf
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 327478801-0
                                                                                                                  APIs
                                                                                                                  • FindNextFileW.KERNELBASE(00000000,?,?), ref: 004028F2
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FileFindNext
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2029273394-0
                                                                                                                  APIs
                                                                                                                  • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 00406401
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Create
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2289755597-0
                                                                                                                  APIs
                                                                                                                  • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FileWrite
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3934441357-0
                                                                                                                  APIs
                                                                                                                  • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FileRead
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2738559852-0
                                                                                                                  APIs
                                                                                                                  • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406438,?,00000000,?,?,Remove folder: ,?), ref: 004063CE
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Open
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 71445658-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                    • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000), ref: 00406779
                                                                                                                  • SetDlgItemTextW.USER32(?,?,00000000), ref: 004044B3
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ItemTextlstrcatlstrlen
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 281422827-0
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(00060464,00000000,00000000,00000000), ref: 004044F7
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3850602802-0
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3850602802-0
                                                                                                                  APIs
                                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FilePointer
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 973152223-0
                                                                                                                  APIs
                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CallbackDispatcherUser
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2492992576-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000,00425020,762323A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000,00425020,762323A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                    • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00403418,00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000,00425020,762323A0), ref: 004055FA
                                                                                                                    • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\), ref: 0040560C
                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                    • Part of subcall function 00405B20: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                    • Part of subcall function 00405B20: CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                  • CloseHandle.KERNELBASE(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                    • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                    • Part of subcall function 004069B5: GetExitCodeProcess.KERNELBASE(?,?), ref: 004069E8
                                                                                                                    • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2972824698-0
                                                                                                                  APIs
                                                                                                                  • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Sleep
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3472027048-0
                                                                                                                  APIs
                                                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 004049D9
                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                                                                  • lstrcmpiW.KERNEL32(Remove folder: ,0042D268,00000000,?,?), ref: 00404AF1
                                                                                                                  • lstrcatW.KERNEL32(?,Remove folder: ), ref: 00404AFD
                                                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F
                                                                                                                    • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                                                                    • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,76233420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                    • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                    • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,76233420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                    • Part of subcall function 004067C4: CharPrevW.USER32(?,?,76233420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                                                                    • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                    • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                                                                    • Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.2476788349.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476861445.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2477184964.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                  • String ID: A$C:\Program Files\Wildix\WIService$Remove folder:
                                                                                                                  • API String ID: 2624150263-2916885083
                                                                                                                  • Opcode ID: fab986b41fe51bcb83dfe55d65232c7215597a26c5e3df290e301c6af6088bb7
                                                                                                                  • Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
                                                                                                                  • Opcode Fuzzy Hash: fab986b41fe51bcb83dfe55d65232c7215597a26c5e3df290e301c6af6088bb7
                                                                                                                  • Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D
                                                                                                                  APIs
                                                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404F1E
                                                                                                                  • GetDlgItem.USER32(?,00000408), ref: 00404F29
                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                                                                  • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
                                                                                                                  • SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00405000
                                                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                                                                    • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                                                                                                                  • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00405340
                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 004054F5
                                                                                                                  • ShowWindow.USER32(00000000), ref: 004054FC
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                  • String ID: $M$N
                                                                                                                  • API String ID: 2564846305-813528018
                                                                                                                  • Opcode ID: 8650db15f8eec7f2c7436ff7bc9e6097db9116c58dec0643669c66b6eab2f928
                                                                                                                  • Instruction ID: 669472b6e39b4296dbb294a81ed98d86f32f22d8abeb4cff7518c6a892085abf
                                                                                                                  • Opcode Fuzzy Hash: 8650db15f8eec7f2c7436ff7bc9e6097db9116c58dec0643669c66b6eab2f928
                                                                                                                  • Instruction Fuzzy Hash: EF028A70900608EFDB20DFA9DD45AAF7BB5FB84314F10817AE610BA2E0D7799942DF58
                                                                                                                  APIs
                                                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 0040470A
                                                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                                                                  • GetSysColor.USER32(?), ref: 00404738
                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                                                                  • lstrlenW.KERNEL32(?), ref: 00404759
                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 004047D4
                                                                                                                  • SendMessageW.USER32(00000000), ref: 004047DB
                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404806
                                                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                                                                  • SetCursor.USER32(00000000), ref: 0040485A
                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                                                                  • SetCursor.USER32(00000000), ref: 00404876
                                                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                  • String ID: N$Remove folder:
                                                                                                                  • API String ID: 3103080414-3051863454
                                                                                                                  • Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                  • Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
                                                                                                                  • Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                  • Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98
                                                                                                                  APIs
                                                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                  • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.2476788349.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476861445.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2476924043.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.2477184964.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                  • String ID: F
                                                                                                                  • API String ID: 941294808-1304234792
                                                                                                                  APIs
                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                                                  • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                                                    • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                    • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                  • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                                                                  • wsprintfA.USER32 ref: 00406202
                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                                                  • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 004062EB
                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                                                                    • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                    • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                  • String ID: %ls=%ls$[Rename]
                                                                                                                  • API String ID: 2171350718-461813615
                                                                                                                  APIs
                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                                                                  • GetSysColor.USER32(00000000), ref: 0040455B
                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                                                                  • SetBkMode.GDI32(?,?), ref: 00404573
                                                                                                                  • GetSysColor.USER32(?), ref: 00404586
                                                                                                                  • SetBkColor.GDI32(?,?), ref: 00404596
                                                                                                                  • DeleteObject.GDI32(?), ref: 004045B0
                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                                                                  Similarity
                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2320649405-0
                                                                                                                  APIs
                                                                                                                  • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                    • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                  • String ID: 9
                                                                                                                  • API String ID: 163830602-2366072709
                                                                                                                  APIs
                                                                                                                  • CharNextW.USER32(?,*?|<>/":,00000000,00000000,76233420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                  • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                  • CharNextW.USER32(?,00000000,76233420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                  • CharPrevW.USER32(?,?,76233420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                  • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                  • API String ID: 589700163-826357637
                                                                                                                  APIs
                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                                                                  • GetMessagePos.USER32 ref: 00404E77
                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00404E91
                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                  • String ID: f
                                                                                                                  • API String ID: 41195575-1993550816
                                                                                                                  APIs
                                                                                                                  • GetDC.USER32(?), ref: 00401E51
                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                    • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                    • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\,00000000), ref: 00406779
                                                                                                                  • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                  • String ID: MS Shell Dlg
                                                                                                                  • API String ID: 2584051700-76309092
                                                                                                                  APIs
                                                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                  • MulDiv.KERNEL32(01858A60,00000064,0185B4D8), ref: 00402FDC
                                                                                                                  • wsprintfW.USER32 ref: 00402FEC
                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                                                                  Strings
                                                                                                                  • verifying installer: %d%%, xrefs: 00402FE6
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                  • String ID: verifying installer: %d%%
                                                                                                                  • API String ID: 1451636040-82062127
                                                                                                                  APIs
                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2667972263-0
                                                                                                                  APIs
                                                                                                                  • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                  • wsprintfW.USER32 ref: 00404DF0
                                                                                                                  • SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                  • String ID: %u.%u%s%s
                                                                                                                  • API String ID: 3540041739-3551169577
                                                                                                                  APIs
                                                                                                                  • CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\, 4#v,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76233420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                  • CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                  • CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CharNext
                                                                                                                  • String ID: C:\
                                                                                                                  • API String ID: 3213498283-3404278061
                                                                                                                  APIs
                                                                                                                  • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
                                                                                                                  • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
                                                                                                                  • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                                                                                                                  Strings
                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: CharPrevlstrcatlstrlen
                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                  • API String ID: 2659869361-3936084776
                                                                                                                  • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                  • Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
                                                                                                                  • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                  • Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD
                                                                                                                  APIs
                                                                                                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\System.dll), ref: 00402695
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: lstrlen
                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsq2C47.tmp$C:\Users\user\AppData\Local\Temp\nsq2C47.tmp\System.dll
                                                                                                                  • API String ID: 1659193697-763606718
                                                                                                                  • Opcode ID: fbd5ee5e4de60feb08ffa62b35b3018c7a91bb86716aa8782bbd76b946f17d50
                                                                                                                  • Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
                                                                                                                  • Opcode Fuzzy Hash: fbd5ee5e4de60feb08ffa62b35b3018c7a91bb86716aa8782bbd76b946f17d50
                                                                                                                  • Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E
                                                                                                                  APIs
                                                                                                                  • DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                                                                                                                  • GetTickCount.KERNEL32 ref: 0040304A
                                                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
                                                                                                                  • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2102729457-0
                                                                                                                  • Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                  • Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
                                                                                                                  • Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                  • Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D
                                                                                                                  APIs
                                                                                                                  • IsWindowVisible.USER32(?), ref: 00405542
                                                                                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                                                                                                                    • Part of subcall function 004044E5: SendMessageW.USER32(00060464,00000000,00000000,00000000), ref: 004044F7
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3748168415-3916222277
                                                                                                                  • Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                  • Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
                                                                                                                  • Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                  • Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69
                                                                                                                  APIs
                                                                                                                  • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00405E5E
                                                                                                                  • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,80000000,00000003), ref: 00405E6E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CharPrevlstrlen
                                                                                                                  • String ID: C:\Users\user\Desktop
                                                                                                                  • API String ID: 2709904686-3125694417
                                                                                                                  • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                  • Instruction ID: d2786f61c86b799b8b6ecf14661ff9643eaf9d362a95097130d0805b1e4d2bc4
                                                                                                                  • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                  • Instruction Fuzzy Hash: 36D0A7B3410D20DAC3126718DC04DAF73ECFF6134074A442AF481A71A4D7785E8186ED
                                                                                                                  APIs
                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                  • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
                                                                                                                  • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.2476824230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 190613189-0
                                                                                                                  • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                  • Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
                                                                                                                  • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                  • Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9

                                                                                                                  Execution Graph

                                                                                                                  Execution Coverage:2.9%
                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                  Signature Coverage:0.3%
                                                                                                                  Total number of Nodes:947
                                                                                                                  Total number of Limit Nodes:56
39070->39071 39074 7ffd9a0c5c06 39071->39074 39075 7ffd9a0c5c66 39071->39075 39072->39073 39073->39036 39078 7ffd9a0c5b63 39074->39078 39122 7ffd9a0d79c4 52 API calls _isindst 39074->39122 39075->39078 39123 7ffd9a0d79c4 52 API calls _isindst 39075->39123 39078->39036 39080 7ffd9a0d1b81 FlsSetValue 39079->39080 39084 7ffd9a0d1b64 39079->39084 39081 7ffd9a0d1b93 39080->39081 39093 7ffd9a0d1b71 39080->39093 39099 7ffd9a0d35e4 39081->39099 39082 7ffd9a0d1bed SetLastError 39082->39042 39084->39080 39084->39093 39086 7ffd9a0d1bc0 FlsSetValue 39089 7ffd9a0d1bcc FlsSetValue 39086->39089 39090 7ffd9a0d1bde 39086->39090 39087 7ffd9a0d1bb0 FlsSetValue 39088 7ffd9a0d1bb9 39087->39088 39106 7ffd9a0d35a8 11 API calls 2 library calls 39088->39106 39089->39088 39107 7ffd9a0d1734 11 API calls std::_Stodx_v2 39090->39107 39093->39082 39094 7ffd9a0d1be6 39108 7ffd9a0d35a8 11 API calls 2 library calls 39094->39108 39096->39047 39097->39049 39098->39043 39104 7ffd9a0d35f5 _Wcsftime 39099->39104 39100 7ffd9a0d3646 39110 7ffd9a0c531c 11 API calls std::_Stodx_v2 39100->39110 39101 7ffd9a0d362a HeapAlloc 39103 7ffd9a0d1ba2 39101->39103 39101->39104 39103->39086 39103->39087 39104->39100 39104->39101 39109 7ffd9a0cfec8 EnterCriticalSection LeaveCriticalSection _Maklocstr 39104->39109 39106->39093 39107->39094 39108->39082 39109->39104 39110->39103 39112 7ffd9a0d6d8d 39111->39112 39114 7ffd9a0c5bc3 39111->39114 39124 7ffd9a0c531c 11 API calls std::_Stodx_v2 39112->39124 39114->39062 39120 7ffd9a0d6db4 52 API calls 2 library calls 39114->39120 39115 7ffd9a0d6d92 39125 7ffd9a0bf4e0 52 API calls _invalid_parameter_noinfo_noreturn 39115->39125 39117->39055 39118->39078 39119->39078 39120->39066 39121->39070 39122->39078 39123->39078 39124->39115 39125->39114 39126 7ffd9a054aa0 GetCurrentThreadId 39127 7ffd9a054ace 39126->39127 39129 7ffd9a054b36 39127->39129 39134 7ffd9a052910 39127->39134 39152 7ffd9a0b1490 39134->39152 39137 7ffd9a052950 AcquireSRWLockShared 39138 7ffd9a09f98c _Maklocstr 4 
API calls 39137->39138 39139 7ffd9a05296d 39138->39139 39140 7ffd9a05298b ReleaseSRWLockShared 39139->39140 39189 7ffd9a056ac0 62 API calls 39139->39189 39144 7ffd9a0b1490 TlsGetValue 39140->39144 39147 7ffd9a0529a4 39144->39147 39145 7ffd9a0529e9 39186 7ffd9a0a8e30 39145->39186 39155 7ffd9a04a0d0 39147->39155 39190 7ffd9a0b13e0 TlsGetValue 39152->39190 39154 7ffd9a052940 39154->39137 39154->39147 39156 7ffd9a04a0f4 39155->39156 39157 7ffd9a04a180 39155->39157 39191 7ffd9a0475a0 93 API calls 39156->39191 39157->39145 39159 7ffd9a04a101 39160 7ffd9a04a16d 39159->39160 39162 7ffd9a04a1a9 _DeleteExceptionPtr 39159->39162 39160->39157 39192 7ffd9a0489e0 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task _DeleteExceptionPtr 39160->39192 39193 7ffd9a0b1ddc RtlPcToFileHeader RaiseException 39162->39193 39166 7ffd9a04a5f4 39220 7ffd9a043150 54 API calls _Maklocstr 39166->39220 39169 7ffd9a04a5f9 39173 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39169->39173 39174 7ffd9a04a5ff 39173->39174 39175 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39174->39175 39176 7ffd9a04a605 39175->39176 39179 7ffd9a043270 85 API calls 39183 7ffd9a04a1fc _Maklocstr std::bad_exception::bad_exception 39179->39183 39181 7ffd9a04a583 39182 7ffd9a0a0080 DName::DName 8 API calls 39181->39182 39184 7ffd9a04a59d 39182->39184 39183->39166 39183->39169 39183->39174 39183->39179 39183->39181 39185 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39183->39185 39194 7ffd9a04f6b0 54 API calls 39183->39194 39195 7ffd9a043180 39183->39195 39206 7ffd9a046d20 39183->39206 39214 7ffd9a046df0 62 API calls _Maklocstr 39183->39214 39215 7ffd9a045a60 93 API calls 2 library calls 39183->39215 39216 7ffd9a047f30 52 API calls _Receive_impl 39183->39216 39217 7ffd9a09fed8 5 API calls shared_ptr 39183->39217 39218 7ffd9a09fd38 55 API calls shared_ptr 39183->39218 39219 7ffd9a09fe78 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 39183->39219 
39184->39145 39185->39183 39187 7ffd9a0a8e37 39186->39187 39188 7ffd9a0a8e3a OutputDebugStringA 39186->39188 39187->39188 39189->39140 39190->39154 39191->39159 39192->39157 39193->39183 39194->39183 39196 7ffd9a04318d 39195->39196 39197 7ffd9a0431b4 39195->39197 39198 7ffd9a043196 39196->39198 39199 7ffd9a0431cc 39196->39199 39197->39183 39201 7ffd9a09f98c _Maklocstr 4 API calls 39198->39201 39221 7ffd9a043130 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 39199->39221 39202 7ffd9a04319b 39201->39202 39203 7ffd9a0431a3 39202->39203 39204 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39202->39204 39203->39183 39205 7ffd9a0431d7 39204->39205 39207 7ffd9a046d56 39206->39207 39208 7ffd9a046de4 39207->39208 39209 7ffd9a046d68 39207->39209 39222 7ffd9a043150 54 API calls _Maklocstr 39208->39222 39212 7ffd9a043180 std::bad_exception::bad_exception 54 API calls 39209->39212 39213 7ffd9a046d76 _Maklocstr 39209->39213 39212->39213 39213->39183 39214->39183 39215->39183 39216->39183 39218->39183 39223 7ffd9a05d73a 39228 7ffd9a09fd38 55 API calls shared_ptr 39223->39228 39225 7ffd9a05d746 39229 7ffd9a09fe78 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 39225->39229 39228->39225 39230 7ffd9a041b48 39231 7ffd9a041b56 39230->39231 39232 7ffd9a041b82 39230->39232 39231->39232 39235 7ffd9a041be5 39231->39235 39233 7ffd9a041bc2 39232->39233 39238 7ffd9a041bea 39232->39238 39234 7ffd9a0a0080 DName::DName 8 API calls 39233->39234 39236 7ffd9a041bd8 39234->39236 39237 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39235->39237 39237->39238 39239 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39238->39239 39240 7ffd9a041bf0 39239->39240 39241 7ffd9a077a60 std::bad_exception::bad_exception 54 API calls 39240->39241 39242 7ffd9a041cc9 39241->39242 39243 7ffd9a041d53 39242->39243 39245 7ffd9a041db6 39242->39245 39244 7ffd9a041d93 39243->39244 39249 7ffd9a041dbb 39243->39249 39246 7ffd9a0a0080 DName::DName 8 API 
calls 39244->39246 39248 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39245->39248 39247 7ffd9a041da9 39246->39247 39248->39249 39250 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39249->39250 39251 7ffd9a041dc1 39250->39251 39252 7ffd9a044195 39254 7ffd9a04419f 39252->39254 39253 7ffd9a0441d3 39255 7ffd9a0a0080 DName::DName 8 API calls 39253->39255 39254->39253 39256 7ffd9a044200 39254->39256 39257 7ffd9a0441eb 39255->39257 39258 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39256->39258 39259 7ffd9a044205 39258->39259 39260 7ffd9a043270 85 API calls 39259->39260 39261 7ffd9a0442e8 39259->39261 39260->39261 39262 7ffd9a044334 39261->39262 39264 7ffd9a04461e 39261->39264 39302 7ffd9a050950 39262->39302 39266 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39264->39266 39265 7ffd9a044383 39322 7ffd9a041fb0 39265->39322 39268 7ffd9a044623 39266->39268 39272 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39268->39272 39270 7ffd9a04441a 39271 7ffd9a0484b0 71 API calls 39270->39271 39273 7ffd9a044424 39271->39273 39274 7ffd9a044629 39272->39274 39275 7ffd9a050950 57 API calls 39273->39275 39277 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39274->39277 39276 7ffd9a04443a 39275->39276 39335 7ffd9a0499b0 39276->39335 39279 7ffd9a04462f 39277->39279 39281 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39279->39281 39280 7ffd9a04445b 39280->39274 39284 7ffd9a04449b 39280->39284 39282 7ffd9a044635 39281->39282 39283 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39282->39283 39285 7ffd9a04463b 39283->39285 39284->39279 39286 7ffd9a0444f7 39284->39286 39288 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39285->39288 39287 7ffd9a0a0080 DName::DName 8 API calls 39286->39287 39289 7ffd9a04460b 39287->39289 39290 7ffd9a044641 39288->39290 39291 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39290->39291 39298 7ffd9a044647 39291->39298 
39292 7ffd9a043270 85 API calls 39292->39298 39293 7ffd9a050950 57 API calls 39293->39298 39295 7ffd9a0bf500 52 API calls _invalid_parameter_noinfo_noreturn 39295->39298 39296 7ffd9a0484b0 71 API calls 39296->39298 39298->39292 39298->39293 39298->39295 39298->39296 39299 7ffd9a04487f 39298->39299 39380 7ffd9a042230 39298->39380 39393 7ffd9a04b150 54 API calls 39298->39393 39300 7ffd9a0a0080 DName::DName 8 API calls 39299->39300 39301 7ffd9a0448e2 39300->39301 39303 7ffd9a05097e 39302->39303 39321 7ffd9a050b21 39302->39321 39304 7ffd9a0509a3 WideCharToMultiByte 39303->39304 39303->39321 39305 7ffd9a0509d5 39304->39305 39304->39321 39306 7ffd9a050b69 39305->39306 39307 7ffd9a0509ff 39305->39307 39308 7ffd9a050a29 39305->39308 39394 7ffd9a0500d0 54 API calls _Maklocstr 39306->39394 39310 7ffd9a050b6f 39307->39310 39312 7ffd9a09f98c _Maklocstr 4 API calls 39307->39312 39311 7ffd9a09f98c _Maklocstr 4 API calls 39308->39311 39395 7ffd9a043130 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 39310->39395 39316 7ffd9a050a12 memcpy_s 39311->39316 39312->39316 39315 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39315->39306 39317 7ffd9a050a74 WideCharToMultiByte 39316->39317 39320 7ffd9a050ad1 39316->39320 39318 7ffd9a050aa0 39317->39318 39317->39320 39319 7ffd9a050aa4 WideCharToMultiByte 39318->39319 39318->39320 39319->39320 39320->39315 39320->39321 39321->39265 39323 7ffd9a041ffc 39322->39323 39324 7ffd9a077a60 std::bad_exception::bad_exception 54 API calls 39323->39324 39325 7ffd9a04212c 39324->39325 39326 7ffd9a0421b6 39325->39326 39329 7ffd9a042219 39325->39329 39327 7ffd9a0421f6 39326->39327 39330 7ffd9a04221e 39326->39330 39328 7ffd9a0a0080 DName::DName 8 API calls 39327->39328 39331 7ffd9a04220c 39328->39331 39332 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39329->39332 39333 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39330->39333 39331->39268 39331->39270 39332->39330 39334 7ffd9a042224 
39333->39334 39343 7ffd9a049a18 memcpy_s 39335->39343 39337 7ffd9a049fd0 39425 7ffd9a047150 52 API calls __std_exception_copy 39337->39425 39338 7ffd9a049fef 39427 7ffd9a078124 54 API calls 2 library calls 39338->39427 39340 7ffd9a049a8d 39396 7ffd9a0464a0 39340->39396 39341 7ffd9a049fde 39426 7ffd9a0b1ddc RtlPcToFileHeader RaiseException 39341->39426 39343->39338 39343->39340 39378 7ffd9a049fa7 39343->39378 39422 7ffd9a04a610 99 API calls 5 library calls 39343->39422 39346 7ffd9a049ff7 39428 7ffd9a046050 54 API calls 2 library calls 39346->39428 39349 7ffd9a04a023 39429 7ffd9a046fd0 52 API calls __std_exception_copy 39349->39429 39350 7ffd9a049f67 _Mtx_unlock 39355 7ffd9a0a0080 DName::DName 8 API calls 39350->39355 39352 7ffd9a04a031 39430 7ffd9a0b1ddc RtlPcToFileHeader RaiseException 39352->39430 39353 7ffd9a046d20 54 API calls 39356 7ffd9a049aba 39353->39356 39358 7ffd9a049f81 39355->39358 39356->39346 39356->39350 39356->39353 39357 7ffd9a04a042 39356->39357 39360 7ffd9a04a048 39356->39360 39361 7ffd9a0506c0 62 API calls 39356->39361 39363 7ffd9a04a04e 39356->39363 39365 7ffd9a04a054 39356->39365 39367 7ffd9a04a05a 39356->39367 39370 7ffd9a04a060 39356->39370 39371 7ffd9a049f9c 39356->39371 39374 7ffd9a049fa1 39356->39374 39377 7ffd9a050950 57 API calls 39356->39377 39409 7ffd9a041dd0 39356->39409 39423 7ffd9a046670 54 API calls 3 library calls 39356->39423 39359 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39357->39359 39358->39280 39359->39360 39362 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39360->39362 39361->39356 39362->39363 39364 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39363->39364 39364->39365 39366 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39365->39366 39366->39367 39369 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39367->39369 39369->39370 39372 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39370->39372 39373 7ffd9a0bf500 
_invalid_parameter_noinfo_noreturn 52 API calls 39371->39373 39375 7ffd9a04a066 39372->39375 39373->39374 39376 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39374->39376 39375->39280 39376->39378 39377->39356 39424 7ffd9a045f40 54 API calls 2 library calls 39378->39424 39381 7ffd9a04227c 39380->39381 39382 7ffd9a077a60 std::bad_exception::bad_exception 54 API calls 39381->39382 39383 7ffd9a042335 39382->39383 39384 7ffd9a0423ad 39383->39384 39385 7ffd9a042410 39383->39385 39388 7ffd9a0423ed 39384->39388 39390 7ffd9a042415 39384->39390 39387 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39385->39387 39386 7ffd9a0a0080 DName::DName 8 API calls 39389 7ffd9a042403 39386->39389 39387->39390 39388->39386 39389->39298 39391 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39390->39391 39392 7ffd9a04241b 39391->39392 39393->39298 39397 7ffd9a046520 39396->39397 39397->39397 39398 7ffd9a077a60 std::bad_exception::bad_exception 54 API calls 39397->39398 39399 7ffd9a046568 39398->39399 39400 7ffd9a0465f2 39399->39400 39402 7ffd9a046655 39399->39402 39401 7ffd9a046632 39400->39401 39404 7ffd9a04665a 39400->39404 39403 7ffd9a0a0080 DName::DName 8 API calls 39401->39403 39406 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39402->39406 39405 7ffd9a046648 39403->39405 39407 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39404->39407 39405->39356 39406->39404 39408 7ffd9a046660 39407->39408 39410 7ffd9a041e1c 39409->39410 39411 7ffd9a077a60 std::bad_exception::bad_exception 54 API calls 39410->39411 39412 7ffd9a041eab 39411->39412 39413 7ffd9a041f35 39412->39413 39415 7ffd9a041f98 39412->39415 39414 7ffd9a041f75 39413->39414 39418 7ffd9a041f9d 39413->39418 39416 7ffd9a0a0080 DName::DName 8 API calls 39414->39416 39417 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39415->39417 39419 7ffd9a041f8b 39416->39419 39417->39418 39420 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 
39418->39420 39419->39356 39421 7ffd9a041fa3 39420->39421 39422->39343 39423->39356 39424->39337 39425->39341 39426->39338 39428->39349 39429->39352 39430->39357 39431 7ffd9a04488c 39438 7ffd9a044650 39431->39438 39432 7ffd9a0a0080 DName::DName 8 API calls 39433 7ffd9a0448e2 39432->39433 39434 7ffd9a0bf500 52 API calls _invalid_parameter_noinfo_noreturn 39434->39438 39435 7ffd9a043270 85 API calls 39435->39438 39436 7ffd9a042230 54 API calls 39436->39438 39437 7ffd9a0484b0 71 API calls 39437->39438 39438->39434 39438->39435 39438->39436 39438->39437 39439 7ffd9a050950 57 API calls 39438->39439 39441 7ffd9a04487f 39438->39441 39442 7ffd9a04b150 54 API calls 39438->39442 39439->39438 39441->39432 39442->39438 39443 7ffd9a062e18 39480 7ffd9a04f2a0 39443->39480 39445 7ffd9a062ec7 39483 7ffd9a09bc60 39445->39483 39448 7ffd9a062f94 39451 7ffd9a09bc60 59 API calls 39448->39451 39449 7ffd9a063398 39450 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39449->39450 39452 7ffd9a06339d 39450->39452 39453 7ffd9a063066 39451->39453 39455 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39452->39455 39453->39452 39454 7ffd9a0630aa 39453->39454 39500 7ffd9a09e180 39454->39500 39457 7ffd9a0633a3 39455->39457 39461 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39457->39461 39459 7ffd9a0632f3 39566 7ffd9a04f130 39459->39566 39464 7ffd9a0633a9 39461->39464 39463 7ffd9a063308 39465 7ffd9a063348 39463->39465 39467 7ffd9a0633af 39463->39467 39466 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39464->39466 39468 7ffd9a0a0080 DName::DName 8 API calls 39465->39468 39466->39467 39471 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39467->39471 39472 7ffd9a06337e 39468->39472 39474 7ffd9a0633b5 39471->39474 39473 7ffd9a063149 39473->39459 39475 7ffd9a063221 39473->39475 39564 7ffd9a09b740 62 API calls DName::DName 39473->39564 39565 7ffd9a0626d0 54 API calls 3 library calls 39475->39565 39478 7ffd9a063258 39478->39457 39479 
7ffd9a063297 39478->39479 39479->39459 39479->39464 39574 7ffd9a04f400 39480->39574 39482 7ffd9a04f2ae 39482->39445 39484 7ffd9a062f50 39483->39484 39487 7ffd9a09bc69 39483->39487 39484->39448 39484->39449 39485 7ffd9a09bd51 39486 7ffd9a09bd68 39485->39486 39609 7ffd9a09bbd0 54 API calls 39485->39609 39610 7ffd9a08c8f4 59 API calls _Maklocstr 39486->39610 39487->39485 39488 7ffd9a09bcbb 39487->39488 39490 7ffd9a04f2c0 59 API calls 39488->39490 39493 7ffd9a09bce2 39490->39493 39492 7ffd9a0a0080 DName::DName 8 API calls 39492->39484 39494 7ffd9a09bc60 59 API calls 39493->39494 39495 7ffd9a09bd10 39494->39495 39496 7ffd9a09bd91 39495->39496 39497 7ffd9a09bd4a 39495->39497 39498 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39496->39498 39497->39492 39499 7ffd9a09bd96 39498->39499 39501 7ffd9a09e18e 39500->39501 39611 7ffd9a09e2e0 39501->39611 39504 7ffd9a09d720 39505 7ffd9a09d754 39504->39505 39506 7ffd9a09d7c6 39504->39506 39507 7ffd9a09dba9 39505->39507 39549 7ffd9a09d75d 39505->39549 39509 7ffd9a04f130 59 API calls 39506->39509 39751 7ffd9a09ecb0 67 API calls 3 library calls 39507->39751 39511 7ffd9a09d7f8 39509->39511 39510 7ffd9a09dbe3 39752 7ffd9a0b1ddc RtlPcToFileHeader RaiseException 39510->39752 39514 7ffd9a04f130 59 API calls 39511->39514 39513 7ffd9a0a0080 DName::DName 8 API calls 39516 7ffd9a063135 39513->39516 39517 7ffd9a09d815 39514->39517 39515 7ffd9a09dbf3 39753 7ffd9a09eae0 67 API calls 3 library calls 39515->39753 39516->39459 39516->39473 39563 7ffd9a061200 62 API calls 3 library calls 39516->39563 39701 7ffd9a09c8d0 39517->39701 39519 7ffd9a09d81b 39709 7ffd9a09c820 39519->39709 39522 7ffd9a09dc21 39754 7ffd9a0b1ddc RtlPcToFileHeader RaiseException 39522->39754 39524 7ffd9a09dc31 39526 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39524->39526 39525 7ffd9a09d823 39527 7ffd9a04f2c0 59 API calls 39525->39527 39538 7ffd9a09d874 39525->39538 39528 7ffd9a09dc37 39526->39528 39527->39538 39529 7ffd9a0bf500 
_invalid_parameter_noinfo_noreturn 52 API calls 39528->39529 39531 7ffd9a09dc3d 39529->39531 39530 7ffd9a09da34 39532 7ffd9a048ad0 52 API calls 39530->39532 39547 7ffd9a09da3d 39532->39547 39534 7ffd9a09c280 59 API calls 39534->39538 39535 7ffd9a09daed 39537 7ffd9a048ad0 52 API calls 39535->39537 39539 7ffd9a09daf7 39537->39539 39538->39528 39538->39530 39538->39534 39541 7ffd9a09e2e0 79 API calls 39538->39541 39544 7ffd9a04f2c0 59 API calls 39538->39544 39548 7ffd9a09d9c3 39538->39548 39747 7ffd9a09c350 59 API calls 39538->39747 39542 7ffd9a048ad0 52 API calls 39539->39542 39541->39538 39545 7ffd9a09db01 39542->39545 39543 7ffd9a09c280 59 API calls 39543->39547 39544->39538 39546 7ffd9a048ad0 52 API calls 39545->39546 39546->39549 39547->39535 39547->39543 39555 7ffd9a09db11 39547->39555 39717 7ffd9a09bda0 39547->39717 39734 7ffd9a09dc40 39547->39734 39748 7ffd9a09d200 59 API calls 39547->39748 39548->39515 39550 7ffd9a09d9d7 39548->39550 39549->39513 39550->39524 39551 7ffd9a09da1a 39550->39551 39553 7ffd9a048ad0 52 API calls 39551->39553 39554 7ffd9a09db33 39553->39554 39556 7ffd9a048ad0 52 API calls 39554->39556 39555->39551 39558 7ffd9a09db6c 39555->39558 39557 7ffd9a09db3d 39556->39557 39559 7ffd9a048ad0 52 API calls 39557->39559 39749 7ffd9a09eae0 67 API calls 3 library calls 39558->39749 39559->39549 39561 7ffd9a09db99 39750 7ffd9a0b1ddc RtlPcToFileHeader RaiseException 39561->39750 39563->39473 39564->39475 39565->39478 39567 7ffd9a04f166 39566->39567 39568 7ffd9a04f1fc 39567->39568 39570 7ffd9a04f17c 39567->39570 39761 7ffd9a043150 54 API calls _Maklocstr 39568->39761 39573 7ffd9a04f18a _Maklocstr 39570->39573 39760 7ffd9a04f230 59 API calls 3 library calls 39570->39760 39573->39463 39595 7ffd9a0b3210 39574->39595 39577 7ffd9a04f49c 39579 7ffd9a04f4a1 39577->39579 39580 7ffd9a04f50f GetLastError 39577->39580 39578 7ffd9a04f478 39578->39577 39581 7ffd9a04f47f SHGetSpecialFolderPathW 39578->39581 39597 7ffd9a04f2c0 39579->39597 39604 7ffd9a04f380 54 API 
calls 2 library calls 39580->39604 39581->39577 39583 7ffd9a04f542 39605 7ffd9a0474f0 52 API calls __std_exception_copy 39583->39605 39586 7ffd9a04f4eb 39588 7ffd9a0a0080 DName::DName 8 API calls 39586->39588 39587 7ffd9a04f550 39606 7ffd9a0b1ddc RtlPcToFileHeader RaiseException 39587->39606 39590 7ffd9a04f4fe 39588->39590 39590->39482 39591 7ffd9a04f5ac 39591->39482 39592 7ffd9a04f561 39592->39591 39593 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39592->39593 39594 7ffd9a04f5cc 39593->39594 39594->39482 39596 7ffd9a04f43c SHGetSpecialFolderPathW GetCurrentProcessId ProcessIdToSessionId 39595->39596 39596->39577 39596->39578 39598 7ffd9a04f2f1 39597->39598 39599 7ffd9a04f379 39597->39599 39603 7ffd9a04f2ff _Maklocstr 39598->39603 39607 7ffd9a04f230 59 API calls 3 library calls 39598->39607 39608 7ffd9a043150 54 API calls _Maklocstr 39599->39608 39603->39586 39604->39583 39605->39587 39606->39592 39607->39603 39609->39486 39610->39497 39631 7ffd9a09e460 39611->39631 39613 7ffd9a09e430 39616 7ffd9a0a0080 DName::DName 8 API calls 39613->39616 39614 7ffd9a09e310 39614->39613 39614->39614 39615 7ffd9a09e34d 39614->39615 39617 7ffd9a04f2c0 59 API calls 39615->39617 39618 7ffd9a06310d 39616->39618 39619 7ffd9a09e357 CreateFileW 39617->39619 39618->39459 39618->39504 39620 7ffd9a09e3d6 39619->39620 39621 7ffd9a09e3a4 39619->39621 39622 7ffd9a09e40d 39620->39622 39623 7ffd9a09e3f4 GetLastError 39620->39623 39621->39620 39626 7ffd9a09e457 39621->39626 39675 7ffd9a09e1c0 39622->39675 39674 7ffd9a09e010 67 API calls Concurrency::cancel_current_task 39623->39674 39629 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39626->39629 39627 7ffd9a09e40a 39627->39613 39630 7ffd9a09e45c 39629->39630 39632 7ffd9a09e48a 39631->39632 39633 7ffd9a04f2c0 59 API calls 39632->39633 39634 7ffd9a09e4ba CreateFileW 39633->39634 39635 7ffd9a09e507 39634->39635 39636 7ffd9a09e539 39634->39636 39635->39636 39639 7ffd9a09e5ef 39635->39639 39637 7ffd9a09e557 GetLastError 
39636->39637 39638 7ffd9a09e5b9 39636->39638 39641 7ffd9a09e5a6 39637->39641 39642 7ffd9a09e564 39637->39642 39640 7ffd9a09e1c0 71 API calls 39638->39640 39646 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39639->39646 39643 7ffd9a09e5ca CloseHandle 39640->39643 39692 7ffd9a09e010 67 API calls Concurrency::cancel_current_task 39641->39692 39644 7ffd9a09e56e 39642->39644 39645 7ffd9a09e571 GetFileAttributesW 39642->39645 39648 7ffd9a09e5b6 39643->39648 39644->39645 39649 7ffd9a09e59e GetLastError 39645->39649 39650 7ffd9a09e57e 39645->39650 39656 7ffd9a09e5f4 39646->39656 39651 7ffd9a0a0080 DName::DName 8 API calls 39648->39651 39649->39641 39650->39641 39652 7ffd9a09e584 39650->39652 39653 7ffd9a09e5e4 39651->39653 39691 7ffd9a09de20 59 API calls 2 library calls 39652->39691 39653->39614 39655 7ffd9a09e58e 39655->39648 39657 7ffd9a09e75b 39656->39657 39658 7ffd9a09e673 39656->39658 39673 7ffd9a09e63c _Maklocstr 39656->39673 39696 7ffd9a043150 54 API calls _Maklocstr 39657->39696 39659 7ffd9a09e67f 39658->39659 39660 7ffd9a09e693 39658->39660 39693 7ffd9a0417c0 54 API calls 3 library calls 39659->39693 39663 7ffd9a09e6b8 39660->39663 39664 7ffd9a09e6a4 39660->39664 39666 7ffd9a09e6dd 39663->39666 39667 7ffd9a09e6d3 39663->39667 39694 7ffd9a0417c0 54 API calls 3 library calls 39664->39694 39670 7ffd9a09f98c _Maklocstr 4 API calls 39666->39670 39672 7ffd9a09e68e _Maklocstr 39666->39672 39695 7ffd9a0417c0 54 API calls 3 library calls 39667->39695 39668 7ffd9a0bf500 _invalid_parameter_noinfo_noreturn 52 API calls 39671 7ffd9a09e766 39668->39671 39670->39672 39672->39668 39672->39673 39673->39614 39674->39627 39676 7ffd9a09e1fa 39675->39676 39677 7ffd9a09e23d GetFileInformationByHandle 39675->39677 39682 7ffd9a09e20e GetLastError 39676->39682 39683 7ffd9a09e233 39676->39683 39678 7ffd9a09e267 39677->39678 39679 7ffd9a09e24f GetLastError 39677->39679 39678->39683 39699 7ffd9a09dd20 5 API calls _Maklocstr 39678->39699 39698 7ffd9a09e010 67 API calls 
Concurrency::cancel_current_task 39679->39698 39682->39677 39684 7ffd9a09e219 39682->39684 39700 7ffd9a09de20 59 API calls 2 library calls 39683->39700 39684->39677 39686 7ffd9a09e21e 39684->39686 39697 7ffd9a09e010 67 API calls Concurrency::cancel_current_task 39686->39697 39687 7ffd9a0a0080 DName::DName 8 API calls 39688 7ffd9a09e2d3 CloseHandle 39687->39688 39688->39613 39690 7ffd9a09e22e 39690->39687 39691->39655 39692->39648 39693->39672 39694->39672 39695->39672 39697->39690 39698->39690 39699->39683 39700->39690 39702 7ffd9a09c8e7 39701->39702 39708 7ffd9a09c93b 39701->39708 39703 7ffd9a09f98c _Maklocstr 4 API calls 39702->39703 39704 7ffd9a09c8ef 39703->39704 39705 7ffd9a04f2c0 59 API calls 39704->39705 39706 7ffd9a09c927 39704->39706 39705->39706 39707 7ffd9a048ad0 52 API calls 39706->39707 39706->39708 39707->39708 39708->39519 39710 7ffd9a09c837 39709->39710 39716 7ffd9a09c88b 39709->39716 39711 7ffd9a09f98c _Maklocstr 4 API calls 39710->39711 39712 7ffd9a09c83f 39711->39712 39713 7ffd9a04f2c0 59 API calls 39712->39713 39714 7ffd9a09c877 39712->39714 39713->39714 39715 7ffd9a048ad0 52 API calls 39714->39715 39714->39716 39715->39716 39716->39525 39718 7ffd9a09bf9e 39717->39718 39719 7ffd9a09bdd5 39717->39719 39720 7ffd9a09bf3a 39718->39720 39758 7ffd9a09ba30 54 API calls 3 library calls 39718->39758 39722 7ffd9a04f2c0 59 API calls 39719->39722 39730 7ffd9a09bea6 std::_Locinfo::_Locinfo_ctor 39719->39730 39721 7ffd9a0a0080 DName::DName 8 API calls 39720->39721 39724 7ffd9a09bff1 39721->39724 39725 7ffd9a09be2c 39722->39725 39724->39547 39727 7ffd9a09bda0 59 API calls 39725->39727 39726 7ffd9a09bf2c 39755 7ffd9a0500f0 59 API calls 2 library calls 39726->39755 39727->39730 39729 7ffd9a09bf88 39757 7ffd9a08c8f4 59 API calls _Maklocstr 39729->39757 39730->39726 39732 7ffd9a09bf3f 39730->39732 39732->39729 39756 7ffd9a09bbd0 54 API calls 39732->39756 39735 7ffd9a09dc58 39734->39735 39736 7ffd9a09dc79 CreateDirectoryExW 39735->39736 39737 7ffd9a09dc9e 
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __tlregdtor
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_closeport {:#x}$monitor_configureport '{}', {:#x}, '{}'$monitor_deleteport '{}', {:#x}, '{}'$monitor_enddocport {:#x}$monitor_enumports '{}', {}, {:#x}, {}, {:#x}, {:#x}$monitor_openport '{}', {:#x}$system
                                                                                                                  • API String ID: 1373327856-976324260
                                                                                                                  • Opcode ID: d757a8a58673be86f7cbab87874056a0d3fe4015908662d37686dd28c9f7eccd
                                                                                                                  • Instruction ID: 36df5b4546f491567c70827a3dedc60cfc9c7290f30a4b21cfae38c0a617af45
                                                                                                                  • Opcode Fuzzy Hash: d757a8a58673be86f7cbab87874056a0d3fe4015908662d37686dd28c9f7eccd
                                                                                                                  • Instruction Fuzzy Hash: 5982A463B1878342EA28DBA5E0653AE7391FB85790F505672E69D03BDEEF7CD4809700

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$CallsDebugDisableLibraryOutputStringThread__tlregdtor
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$DisableThreadLibraryCalls() failed$InitializePrintMonitor '{}'$RunDllCallback {:#x}, {:#x}, {:#x} -> '{}', {}$process attach, instance {:#x}$process detach, instance {:#x}$return MONITOREX {:#x}$rundll$system$wfaxport.dll initialize
                                                                                                                  • API String ID: 1380303762-3667887961
                                                                                                                  • Opcode ID: 09066a7e4fcdb6902f3efd9474aa07df6ede991ef4c618738db54865d2f9e304
                                                                                                                  • Instruction ID: 8003f172a3296f8f5f78828be74d724fe588ffc92f60ee69f21e4d638eccc910
                                                                                                                  • Opcode Fuzzy Hash: 09066a7e4fcdb6902f3efd9474aa07df6ede991ef4c618738db54865d2f9e304
                                                                                                                  • Instruction Fuzzy Hash: CF228023F18B8781EA28CB94E4603A973A0FB99790F505276D69D037E9EF7CE584D700

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\utils\ServiceFilesystem.cpp$Couldn't create writable subdirectory '{}': {}$WIService$Wildix
                                                                                                                  • API String ID: 3668304517-1823832745
                                                                                                                  • Opcode ID: 4cf0d7ca435ab29cba9aee2d834deacd446f32cad2b8ece2b4deb5508146a8ee
                                                                                                                  • Instruction ID: 57b6b3787400b54a0e3c0c4eb447774c2f9f901112a4944fda660837912b8ce2
                                                                                                                  • Opcode Fuzzy Hash: 4cf0d7ca435ab29cba9aee2d834deacd446f32cad2b8ece2b4deb5508146a8ee
                                                                                                                  • Instruction Fuzzy Hash: 1FD17E63B18BC781EA74CB68E4653AEB361EBD5794F509222DADC03A99DF6CD084D700

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1405656091-0
                                                                                                                  • Opcode ID: b108f4d214aa4c792b2fc591634e3fe1570faaa9529d3843a1582aca8436b1cc
                                                                                                                  • Instruction ID: 589f9aac6bee4b88c1f71c9a363f23989f3196d4bdfc156e1f6a07525d001f9a
                                                                                                                  • Opcode Fuzzy Hash: b108f4d214aa4c792b2fc591634e3fe1570faaa9529d3843a1582aca8436b1cc
                                                                                                                  • Instruction Fuzzy Hash: CB91C4B7F043474AEB6C9FA5C9612A977A1EB54788F058135EA0D8B7CEEE3CE4509700

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$AcquireLockMtx_unlockShared
                                                                                                                  • String ID: !!!ERROR!!! $!!!FATAL!!! $FileName$Scope$ThreadId$Unknown error${}.{:03d} | {:<15} {}
                                                                                                                  • API String ID: 1953351835-1628071256
                                                                                                                  • Opcode ID: 41e6f4fb972c50071f6acbfbd35c4d733494a76fc6be772fe58aa517d42c0fab
                                                                                                                  • Instruction ID: c2894b9a8c0dc0a0226b94150bea69c35323e13fe6a5c9c5b7e1421e05cc8d4c
                                                                                                                  • Opcode Fuzzy Hash: 41e6f4fb972c50071f6acbfbd35c4d733494a76fc6be772fe58aa517d42c0fab
                                                                                                                  • Instruction Fuzzy Hash: 5852AF63B08B8685EB298FA5D8643ED3760FB84798F409172DA4D077A9DF3CE585E340

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Mtx_unlock
                                                                                                                  • String ID: -$C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp$buffer has capacity of {}, while {} is needed$copy port '{}'$copy port '{}', '{}', '{}'$port level {} is not valid$size needed is {}
                                                                                                                  • API String ID: 3867719841-632606356
                                                                                                                  • Opcode ID: 82f1b52a29052dee5acac9ad11a49894995511c6021b6bd74fda4b337f3eaf9c
                                                                                                                  • Instruction ID: 6de1fa9925f28e1bc64ba5316ea5858aa254b0efd763df0260fcd1c10a06cafd
                                                                                                                  • Opcode Fuzzy Hash: 82f1b52a29052dee5acac9ad11a49894995511c6021b6bd74fda4b337f3eaf9c
                                                                                                                  • Instruction Fuzzy Hash: 15128963B04A8385EF14CFA9D4A43AD37A1FB85798F505272EA5D13AADEF38D485D300

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FolderPathProcessSpecial$CurrentErrorLastSession_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: .$SHGetSpecialFolderPathW() failed with error {}
                                                                                                                  • API String ID: 2640792341-2940119500
                                                                                                                  • Opcode ID: beac3260d1fe0ee5e85ab3cc928f3e324c1963a41e9799384e70ec2d293fb215
                                                                                                                  • Instruction ID: 916690b8069e8611150112de014514797a87a656ad73b503fbe859c001890d4e
                                                                                                                  • Opcode Fuzzy Hash: beac3260d1fe0ee5e85ab3cc928f3e324c1963a41e9799384e70ec2d293fb215
                                                                                                                  • Instruction Fuzzy Hash: FC41C473B08B8386EB389F60E4643AA73A0FB88B98F504131D65D47A99EF3CD544D700

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorFileLast_invalid_parameter_noinfo_noreturn$AttributesCreate
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2181032588-0
                                                                                                                  • Opcode ID: 2e3c6637dba33a5375d42a7224666a5274b1dfd18a522cd09719162221486187
                                                                                                                  • Instruction ID: bd9304da3cd87616192d2815ff026228eebfd5908b983e2960432605148b75cb
                                                                                                                  • Opcode Fuzzy Hash: 2e3c6637dba33a5375d42a7224666a5274b1dfd18a522cd09719162221486187
                                                                                                                  • Instruction Fuzzy Hash: 0881F863F0874385FA289BA5D5643797B51FB85BE4F600671DA6D037D9EE3CE881A300

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_openport '{}', {:#x}$system
                                                                                                                  • API String ID: 3668304517-2202528157
                                                                                                                  • Opcode ID: 5a4bcbad542ef0afb540b301c0fa5965c43cc73f303fd99a96c887a74714bb82
                                                                                                                  • Instruction ID: 715da8e048f0710936213a5d68766bb401e38a7979c296c37f78950659b58308
                                                                                                                  • Opcode Fuzzy Hash: 5a4bcbad542ef0afb540b301c0fa5965c43cc73f303fd99a96c887a74714bb82
                                                                                                                  • Instruction Fuzzy Hash: 6E71B663B1868742EA28DB95E06536E7351FB857E0F504271EAAD43BDDEF2CD4809700

                                                                                                                  Control-flow Graph

                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: !!!FATAL!!! $FileName$Scope$ThreadId
                                                                                                                  • API String ID: 0-967080973
                                                                                                                  • Opcode ID: 4e1255f63a5424c12aff2119a165ed6b3e4409f8438a9b7516dbfd73cc261f37
                                                                                                                  • Instruction ID: 8e09a73aeea7ba383213a40d37a6f6bdd1dfba16b30727d9fc4a489f2714065b
                                                                                                                  • Opcode Fuzzy Hash: 4e1255f63a5424c12aff2119a165ed6b3e4409f8438a9b7516dbfd73cc261f37
                                                                                                                  • Instruction Fuzzy Hash: C0F1CC73B09B8685EF698FA5D8643E93360EB84784F405172DA4D47BA9EF3CE584E300

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: !!!FATAL!!! $FileName$Scope$ThreadId
                                                                                                                  • API String ID: 0-967080973
                                                                                                                  • Opcode ID: d43a1a34a926983430290ba7df7125675037cb552fe236f9c81a9310c05e96c3
                                                                                                                  • Instruction ID: bd0773ba79db33bba533618e82b045c120a7b62b6ead21efa257e91c4e61854f
                                                                                                                  • Opcode Fuzzy Hash: d43a1a34a926983430290ba7df7125675037cb552fe236f9c81a9310c05e96c3
                                                                                                                  • Instruction Fuzzy Hash: 86F1AB73B08B8685EB798FA5D8643E93360EB84794F405172DA4D47BA9DF3CE684E300

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_openport '{}', {:#x}$system
                                                                                                                  • API String ID: 3668304517-2202528157
                                                                                                                  • Opcode ID: 55019143d156af845b3f99fd126a35005dc8cbb2b6df535daa8d98399302e1af
                                                                                                                  • Instruction ID: 716cb9886fac5818f3d31d459925f3c2e660ca1c0ee4cceb5ca66a0709491cfc
                                                                                                                  • Opcode Fuzzy Hash: 55019143d156af845b3f99fd126a35005dc8cbb2b6df535daa8d98399302e1af
                                                                                                                  • Instruction Fuzzy Hash: 0F71C463B1868742EA28DB95E06436E7391FB857E0F504272EAAD43BDDEF2CD480D700

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_enumports '{}', {}, {:#x}, {}, {:#x}, {:#x}$system
                                                                                                                  • API String ID: 3668304517-3364537058
                                                                                                                  • Opcode ID: 70eaf972c4f0a84a90e1e23765420713bd5f986fab5b9aa3a89531dfd7e63064
                                                                                                                  • Instruction ID: 6d92347c94aa1c7fac7e8b13592f4debb17197ca6a7c56b8b27e643d2328290b
                                                                                                                  • Opcode Fuzzy Hash: 70eaf972c4f0a84a90e1e23765420713bd5f986fab5b9aa3a89531dfd7e63064
                                                                                                                  • Instruction Fuzzy Hash: F7916163B18B8682EA24CBA5E4543AE7391FB857A0F504272DA9D43ADDEF7CD480D700

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo
                                                                                                                  • String ID: ?$Eastern Standard Time$Eastern Summer Time
                                                                                                                  • API String ID: 474895018-688781733
                                                                                                                  • Opcode ID: 1f8f1853e0287c507c433fde31f4f0adba883f7869710e2a82ee3ac69dc10873
                                                                                                                  • Instruction ID: a6d2eead3c5944f7dd1639954cbe16d6cb86c831c605ae0349027e83f20267a9
                                                                                                                  • Opcode Fuzzy Hash: 1f8f1853e0287c507c433fde31f4f0adba883f7869710e2a82ee3ac69dc10873
                                                                                                                  • Instruction Fuzzy Hash: 22917173B1825387E3388F55E4A1479BBA0FB84740F10167AF98D93AA8DB7CE451DB00

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_openport '{}', {:#x}$system
                                                                                                                  • API String ID: 3668304517-2202528157
                                                                                                                  • Opcode ID: 7ca1bd24761495eee964530ec7ee32b64daa008283755ba4a70e0f6de0c42d80
                                                                                                                  • Instruction ID: 4dc57f992fdbd7485e6cf7ea9883f9367e498f0b6d9880040fa0420e25d6c129
                                                                                                                  • Opcode Fuzzy Hash: 7ca1bd24761495eee964530ec7ee32b64daa008283755ba4a70e0f6de0c42d80
                                                                                                                  • Instruction Fuzzy Hash: 4671C263B1868742EA28CB95E06436E7391FB857E0F504272EAAD43BDDEF2CD480D700

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_openport '{}', {:#x}$system
                                                                                                                  • API String ID: 3668304517-2202528157
                                                                                                                  • Opcode ID: c8c3eb0ad650273b184d8eff6caae649ff6c7c2527569d56c66250ae953083db
                                                                                                                  • Instruction ID: 7db0778d6c3ed07443a27d43df158aac4f69c5d0b75090d3df2344ca2162b1f9
                                                                                                                  • Opcode Fuzzy Hash: c8c3eb0ad650273b184d8eff6caae649ff6c7c2527569d56c66250ae953083db
                                                                                                                  • Instruction Fuzzy Hash: F261A263B1868742EA288BA5E06436E7391FB857E0F504375E6AD43BDDEF6DE4809700
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: -$D$C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp
                                                                                                                  • API String ID: 0-2824907369
                                                                                                                  • Opcode ID: 86e516bfbe6603f319d4290b3e68b3241372c7b9c41300959bd7990dc46fdf83
                                                                                                                  • Instruction ID: e491ab7f59a3e53f085ffc9c7eb875d2a348a4b5524fbbb3312c7be752a18cdd
                                                                                                                  • Opcode Fuzzy Hash: 86e516bfbe6603f319d4290b3e68b3241372c7b9c41300959bd7990dc46fdf83
                                                                                                                  • Instruction Fuzzy Hash: 28514F73A08BC981EA358B59E4513EAB360FBD97A0F405225DBDD13B99EF78D181DB00
                                                                                                                  APIs
                                                                                                                  • CreateDirectoryExW.KERNEL32(?,?,?,?,?,?,00000000,00007FFD9A09DAC0), ref: 00007FFD9A09DC96
                                                                                                                  • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,00000000,00007FFD9A09DAC0), ref: 00007FFD9A09DCAA
                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FFD9A09DAC0), ref: 00007FFD9A09DCC6
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateDirectory$ErrorLast
                                                                                                                  • String ID: boost::filesystem::create_directory
                                                                                                                  • API String ID: 2485089472-2941204237
                                                                                                                  • Opcode ID: 007bc1e7fd6e910ffc57d43d67501cef627aadd5a2bb581c2b553780733c0d17
                                                                                                                  • Instruction ID: 986cbf2cb9af5ffc85a1807e39b75b5a57a8a15abad113b1976f74c643f7be65
                                                                                                                  • Opcode Fuzzy Hash: 007bc1e7fd6e910ffc57d43d67501cef627aadd5a2bb581c2b553780733c0d17
                                                                                                                  • Instruction Fuzzy Hash: 5221DE63B18B4382EA288B65A41426A73A0FFC9BC4F544271EA4D17758DF7CD584E740
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3668304517-0
                                                                                                                  • Opcode ID: ccf48cbe51f1b3e9d5a0845c249657e0bf0a83333a841c8e209c725e20bcd2d1
                                                                                                                  • Instruction ID: b926cf5111f53a1a889479f92c7231e86e24dbc9bc2b8220c62dcf2a3e9e85f0
                                                                                                                  • Opcode Fuzzy Hash: ccf48cbe51f1b3e9d5a0845c249657e0bf0a83333a841c8e209c725e20bcd2d1
                                                                                                                  • Instruction Fuzzy Hash: A15194A3B0CBC640FA349BA9E4553ADB351FB857F0F405331DAAD42AD9EE6CD0859700
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1944019136-0
                                                                                                                  • Opcode ID: 4fb34ce46e5027e60761300b274f8fdbfb020687e157cde23a4e9595b93d5efb
                                                                                                                  • Instruction ID: e7eb961b1fbee86d20751549074363c8639cb124913617cd47d9db85424922e8
                                                                                                                  • Opcode Fuzzy Hash: 4fb34ce46e5027e60761300b274f8fdbfb020687e157cde23a4e9595b93d5efb
                                                                                                                  • Instruction Fuzzy Hash: 5151C063F14B8381FB18CFA5D0253AC3322EB49B98F049271DA9D176DAEE68E490D340
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorFileLast$Create$AttributesCloseHandle_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1118509424-0
                                                                                                                  • Opcode ID: bb2368e3caadeaa83d1a2ce998a2b899ffb75d71d6edb12208d02f1c0390d4f2
                                                                                                                  • Instruction ID: ebd6bff311b7c3f80a26153b9c263f2b2666ffb16b3eeec09a3dacd2d412ecc8
                                                                                                                  • Opcode Fuzzy Hash: bb2368e3caadeaa83d1a2ce998a2b899ffb75d71d6edb12208d02f1c0390d4f2
                                                                                                                  • Instruction Fuzzy Hash: B941D863B0878286E6248B95E85426AB761FBC57E4F604331EBAD03ADDDF7CE8459700
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: boost::filesystem::create_directories
                                                                                                                  • API String ID: 3668304517-2171239142
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: M
                                                                                                                  • API String ID: 3668304517-3664761504
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3668304517-0
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3668304517-0
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3668304517-0
                                                                                                                  Similarity
                                                                                                                  • API ID: LockShared$AcquireRelease
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2614130328-0
                                                                                                                  Similarity
                                                                                                                  • API ID: CurrentEventThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2592414440-0
                                                                                                                  Similarity
                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 73155330-0
                                                                                                                  Similarity
                                                                                                                  • API ID: wcsftime
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2902305603-0
                                                                                                                  • Opcode ID: 18733296c6fc2a13b6026d2f43dbf3078b6a882461142f725cb917f089e54d63
                                                                                                                  • Instruction ID: e574bec4ed20332f49c658a3ffd4b80dc1d1753784aa3db836cba7fadd71a2c7
                                                                                                                  • Opcode Fuzzy Hash: 18733296c6fc2a13b6026d2f43dbf3078b6a882461142f725cb917f089e54d63
                                                                                                                  • Instruction Fuzzy Hash: 84119623A08BC582E720CB15E4113AA7360FB98798F415335EB9D0378ADF3CE194C740
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CriticalSection$EnterInit_thread_footerLeave
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3960375172-0
                                                                                                                  • Opcode ID: e05873258c21d9d6726ab9171bad3dfa8df11c24947226a3b163f8f1d0d13104
                                                                                                                  • Instruction ID: 51d3db4cc232a71b4b169a985629ed36e559859e3557c6d14001b93d96a4b488
                                                                                                                  • Opcode Fuzzy Hash: e05873258c21d9d6726ab9171bad3dfa8df11c24947226a3b163f8f1d0d13104
                                                                                                                  • Instruction Fuzzy Hash: 41C08C03F4A80B52EA39A7C4D87107C32019FD5390B8100B0C80C452F6DD1CBEE2F310
                                                                                                                  APIs
                                                                                                                  • HeapAlloc.KERNEL32(?,?,00000000,00007FFD9A0D1BA2,?,?,0000BFF16B24B14E,00007FFD9A0C5325,?,?,?,?,00007FFD9A0D8E42,?,?,00000000), ref: 00007FFD9A0D3639
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4292702814-0
                                                                                                                  • Opcode ID: 8a8076d8b911538262ddf2c283b8724ada757c2232be91ab832054381dbbbc66
                                                                                                                  • Instruction ID: 7f98718e77bc033650985b160d34f7871dd0497f932e7fdaa0130918dec9592e
                                                                                                                  • Opcode Fuzzy Hash: 8a8076d8b911538262ddf2c283b8724ada757c2232be91ab832054381dbbbc66
                                                                                                                  • Instruction Fuzzy Hash: 27F04947F0D30341FE7D57E599712B932905F88B80F1E85B4E90E873C9EF5CA4406222
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$GetctypeYarn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3181430533-0
                                                                                                                  • Opcode ID: b5450752da9ea4530ec8efb390a7dc6d17c4b1b48e0fd06fe63b0fa6ce6ea16f
                                                                                                                  • Instruction ID: 2c4f1cce3fe35abfb668f4452c8b19c6dd04b85e335b4eaf7effc862f2bb2003
                                                                                                                  • Opcode Fuzzy Hash: b5450752da9ea4530ec8efb390a7dc6d17c4b1b48e0fd06fe63b0fa6ce6ea16f
                                                                                                                  • Instruction Fuzzy Hash: 05D12A23B09A4381EABEDBA5DD701B83BA1FF547D4F4440B5D94E5329ADF3CA942A340
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __tlregdtor
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$Unknown exception$monitor_readport {:#x}, {:#x}, {}, {:#x}$monitor_startdocport {:#x}, '{}', {}, {}, {:#x}$monitor_writeport {:#x}, {:#x}, {}, {:#x}$system
                                                                                                                  • API String ID: 1373327856-2181671907
                                                                                                                  • Opcode ID: 3b5e4c59b0c7a12e8350fdbde2290a376743fee4a1c4e51955ba074ca3e142f0
                                                                                                                  • Instruction ID: d3afa1dc75d9d54414bd81e28e630680b10a97a5d9aab6871f90f8212a3b0740
                                                                                                                  • Opcode Fuzzy Hash: 3b5e4c59b0c7a12e8350fdbde2290a376743fee4a1c4e51955ba074ca3e142f0
                                                                                                                  • Instruction Fuzzy Hash: 9C028163B18B8342EA24DBA5E4643AE7391FB85790F504276EA9D43BD9EF3CD484D700
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: , "$: "$Unknown exception
                                                                                                                  • API String ID: 3668304517-2574047376
                                                                                                                  • Opcode ID: b595c361e2e63963182f9db9890d6a373dd5ae374d12f738ea7391dd0e70fd8a
                                                                                                                  • Instruction ID: b196e6661a37666b813eee67767d1612e6b652efff5ab70a3a7e4732841948da
                                                                                                                  • Opcode Fuzzy Hash: b595c361e2e63963182f9db9890d6a373dd5ae374d12f738ea7391dd0e70fd8a
                                                                                                                  • Instruction Fuzzy Hash: 0EF1D063B18B8782EA28CF95E0643A97361FB85BD4F604272DA5D077A9DF7DE481D300
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: GetLastError.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D19D7
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: FlsGetValue.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D19EC
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: SetLastError.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D1A77
                                                                                                                  • TranslateName.LIBCMT ref: 00007FFD9A0DF32A
                                                                                                                  • TranslateName.LIBCMT ref: 00007FFD9A0DF365
                                                                                                                  • GetACP.KERNEL32(?,?,?,00000000,00000092,00007FFD9A0D254C), ref: 00007FFD9A0DF3AC
                                                                                                                  • IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FFD9A0D254C), ref: 00007FFD9A0DF3E4
                                                                                                                  • GetLocaleInfoW.KERNEL32 ref: 00007FFD9A0DF5A1
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
                                                                                                                  • String ID: utf8
                                                                                                                  • API String ID: 3069159798-905460609
                                                                                                                  • Opcode ID: 37f11421dc2132e4ffe25310b4cf11757d77ae7a0c59ff0f24b4533fed8a8ebb
                                                                                                                  • Instruction ID: b4c16ae3a49ad5f3519c24e5afde79b3e7aea60c9671febe8d333d3fc84d6fcd
                                                                                                                  • Opcode Fuzzy Hash: 37f11421dc2132e4ffe25310b4cf11757d77ae7a0c59ff0f24b4533fed8a8ebb
                                                                                                                  • Instruction Fuzzy Hash: FA917B33B0878381EB789FA1E5212B937A4AF44B84F558271EA4D4779ADF3CE951E700
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: GetLastError.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D19D7
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: FlsGetValue.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D19EC
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: SetLastError.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D1A77
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: FlsSetValue.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D1A0D
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF), ref: 00007FFD9A0D1AAD
                                                                                                                  • GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 00007FFD9A0DFE78
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: FlsSetValue.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D1A3A
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: FlsSetValue.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D1A4B
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: FlsSetValue.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D1A5C
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF), ref: 00007FFD9A0D1ACC
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF), ref: 00007FFD9A0D1AF4
                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,00007FFD9A0D2545), ref: 00007FFD9A0DFE5F
                                                                                                                  • ProcessCodePage.LIBCMT ref: 00007FFD9A0DFEA2
                                                                                                                  • IsValidCodePage.KERNEL32 ref: 00007FFD9A0DFEB4
                                                                                                                  • IsValidLocale.KERNEL32 ref: 00007FFD9A0DFECA
                                                                                                                  • GetLocaleInfoW.KERNEL32 ref: 00007FFD9A0DFF26
                                                                                                                  • GetLocaleInfoW.KERNEL32 ref: 00007FFD9A0DFF42
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2591520935-0
                                                                                                                  • Opcode ID: 69d957cee85878869cc7abbef923967d232a696885391817352ada0f6e399ef7
                                                                                                                  • Instruction ID: 86b5e991c7b3ecbfa8f6fe73a224df0b420f1437dc7fe0b622330f501a68e38b
                                                                                                                  • Opcode Fuzzy Hash: 69d957cee85878869cc7abbef923967d232a696885391817352ada0f6e399ef7
                                                                                                                  • Instruction Fuzzy Hash: 72713B23B0874389FB389BA5D4706BC33A0BF48788F448675EA0D57699DF3CA955E350
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1239891234-0
                                                                                                                  • Opcode ID: ca6b45c33ff49a47647ea71850c73a1221297c154a1e89d9f3aed8cbb7f5b5df
                                                                                                                  • Instruction ID: 36ae846a951709f3adf6a7f1120752c8bc73253e0bdc7f9b678b65d686899bb8
                                                                                                                  • Opcode Fuzzy Hash: ca6b45c33ff49a47647ea71850c73a1221297c154a1e89d9f3aed8cbb7f5b5df
                                                                                                                  • Instruction Fuzzy Hash: 2F318237B18B8286DB68CF64E8542AD73A4FB88794F500136EA9D43B98DF38C555D700
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: Heap$AllocProcessstd::bad_alloc::bad_alloc
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3165967205-0
                                                                                                                  • Opcode ID: 08d5281cb440bcd4ed5356b2ec11ad507cdf129e1ea5ab91880c3aecb453f53b
                                                                                                                  • Instruction ID: d5aeb0acceb6b10571974808d9060948e76c0ee6833cfc77e80f37ff5271ab5d
                                                                                                                  • Opcode Fuzzy Hash: 08d5281cb440bcd4ed5356b2ec11ad507cdf129e1ea5ab91880c3aecb453f53b
                                                                                                                  • Instruction Fuzzy Hash: A9F0A753F09B4382EA299BA5E8240743360BF98740B498074DA4F17355EE3CE9D4D600
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: InfoLocale
                                                                                                                  • String ID: GetLocaleInfoEx
                                                                                                                  • API String ID: 2299586839-2904428671
                                                                                                                  • Opcode ID: 72be10784b72832793fc8366c21f21e44d8c05a0122345b28a350d4f2194a516
                                                                                                                  • Instruction ID: 3af3db8e0e68111095cc77100bf5315891a58587876696ac3bb3958ffb9dfe54
                                                                                                                  • Opcode Fuzzy Hash: 72be10784b72832793fc8366c21f21e44d8c05a0122345b28a350d4f2194a516
                                                                                                                  • Instruction Fuzzy Hash: 7501A723B08B8286E7288B96B4500A6B360FF88BC0F5850B6EE4D13B5DCF3CE5419341
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: GetLastError.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D19D7
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: FlsGetValue.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D19EC
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: SetLastError.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D1A77
                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,?,?,00007FFD9A0DFE0B,?,00000000,00000092,?,?,00000000,?,00007FFD9A0D2545), ref: 00007FFD9A0DF6BA
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3029459697-0
                                                                                                                  • Opcode ID: f17b4d54490848437cabf8c8bb0b3ec77cf7a560ebe2a93367acbc6783ff5b3c
                                                                                                                  • Instruction ID: 5eba9e289595b566b4b69aec7fe94de4c5046b4f85cbd13948fda6938d5bec07
                                                                                                                  • Opcode Fuzzy Hash: f17b4d54490848437cabf8c8bb0b3ec77cf7a560ebe2a93367acbc6783ff5b3c
                                                                                                                  • Instruction Fuzzy Hash: 9811E463B087468AEB288F55D0902A87BA1FB94BE0F44C239E66D433D8DE78D5D1D740
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: GetLastError.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D19D7
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: FlsGetValue.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D19EC
                                                                                                                    • Part of subcall function 00007FFD9A0D19C8: SetLastError.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D1A77
                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,?,?,00007FFD9A0DFDC7,?,00000000,00000092,?,?,00000000,?,00007FFD9A0D2545), ref: 00007FFD9A0DF76A
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3029459697-0
                                                                                                                  • Opcode ID: 6cb4ae7a27bccade1f3911f95730409eedef0266c63d0a4336f8648e77ba1ecd
                                                                                                                  • Instruction ID: 876a49690b80c8a4171798de9cf3b0b1c7ffbe3de61c0e6217fae8aab3e2bbf6
                                                                                                                  • Opcode Fuzzy Hash: 6cb4ae7a27bccade1f3911f95730409eedef0266c63d0a4336f8648e77ba1ecd
                                                                                                                  • Instruction Fuzzy Hash: 20019263F0838346E7284B95E4907B976A1EB407A4F45C371E66D476D8CF699481E700
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: ControlDevice
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2352790924-0
                                                                                                                  • Opcode ID: 42131436067e2879b07197350c761d90aa8545014b84fa670f1b9e9c3c35056c
                                                                                                                  • Instruction ID: 13fbb7a3d38025442f13a3c1a8b8ad26303fda1414a2cbce63d748b15f114bdf
                                                                                                                  • Opcode Fuzzy Hash: 42131436067e2879b07197350c761d90aa8545014b84fa670f1b9e9c3c35056c
                                                                                                                  • Instruction Fuzzy Hash: F4F06973B18B9182E7608B91F45021AB764E7C8BD0F544035FB8E53B58CE3CD8518B44
                                                                                                                  APIs
                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FFD9A0D3AE3,?,?,?,?,?,?,?,?,00000000,00007FFD9A0DEC6C), ref: 00007FFD9A0D36E3
                                                                                                                  Similarity
                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2099609381-0
                                                                                                                  • Opcode ID: dbbdd8e3c2ff4ff881c507632eca620094f3fe5f8a10d513439e89c4835d3bb2
                                                                                                                  • Instruction ID: 88cbc5681137d66202248580c31a497462ba9ea5506dd22535b008fef6d18b7b
                                                                                                                  • Opcode Fuzzy Hash: dbbdd8e3c2ff4ff881c507632eca620094f3fe5f8a10d513439e89c4835d3bb2
                                                                                                                  • Instruction Fuzzy Hash: A2F06973B08A4283E728DB99E8A01A97365EB887C0F148175EA4D93768CE3CD490D300
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: InfoLocale
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2299586839-0
                                                                                                                  Similarity
                                                                                                                  • API ID: Name::operator+
                                                                                                                  • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                                                                                                  • API String ID: 2943138195-1482988683
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$CloseHandleMtx_unlock$BuffersDeleteFileFlushOpenPrinter
                                                                                                                  • String ID: ,$C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp$OpenPrinterW ('{}', {:#x} -> {:#x}, NULL) -> {}$couldn't rename file$file not found$finalizing PCL '{}'$port object {:#x} is not present in the list${}\temp_{}${}\{}
                                                                                                                  • API String ID: 2285465158-3467645581
                                                                                                                  Similarity
                                                                                                                  • API ID: Mtx_unlock_invalid_parameter_noinfo_noreturn$CloseFileHandleOpenPrinterWrite
                                                                                                                  • String ID: ,$C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp$OpenPrinterW ('{}', {:#x} -> {:#x}, NULL) -> {}$monitor_readport {:#x}, {:#x}, {}, {:#x}$no file handle to write$port object {:#x} is not present in the list
                                                                                                                  • API String ID: 2124777539-1360970229
                                                                                                                  Similarity
                                                                                                                  • API ID: Name::operator+$Replicator::operator[]
                                                                                                                  • String ID: `anonymous namespace'
                                                                                                                  • API String ID: 3863519203-3062148218
                                                                                                                  Similarity
                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_addport '{}', {:#x}, '{}'$system
                                                                                                                  • API String ID: 73155330-3963725590
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$CloseOpenValue
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't open registry key 'HKLM\{}'$couldn't set 'name' value for key$name$set 'name' value to '{}'
                                                                                                                  • API String ID: 31251203-231907547
                                                                                                                  Similarity
                                                                                                                  • API ID: Event$CloseHandle$Create$CurrentObjectOpenProcessResetSingleWait
                                                                                                                  • String ID: e-flag
                                                                                                                  • API String ID: 354184465-538632313
                                                                                                                  Similarity
                                                                                                                  • API ID: Name::operator+
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2943138195-0
                                                                                                                  • Opcode ID: b39d1213a9eb440df052bc55e7b3a4a8f23788f98588c313a4ec68cea227d173
                                                                                                                  • Instruction ID: c858cb1dd113caca30cd2a8b4e89306dd72d785e54bdbf04f431a68067d23142
                                                                                                                  • Opcode Fuzzy Hash: b39d1213a9eb440df052bc55e7b3a4a8f23788f98588c313a4ec68cea227d173
                                                                                                                  • Instruction Fuzzy Hash: 86F16777B08A829EEB28DFA4D5A01FC37A0FB0474CB4440B6DA4D67A99DF38D959D340
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: NameName::$Name::operator+
                                                                                                                  • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                                                                                                  • API String ID: 826178784-2441609178
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00007FFD9A050460: GetTempPathW.KERNEL32 ref: 00007FFD9A0504AA
                                                                                                                    • Part of subcall function 00007FFD9A050460: GetLastError.KERNEL32 ref: 00007FFD9A0504B4
                                                                                                                    • Part of subcall function 00007FFD9A050460: WideCharToMultiByte.KERNEL32 ref: 00007FFD9A050533
                                                                                                                    • Part of subcall function 00007FFD9A050460: WideCharToMultiByte.KERNEL32 ref: 00007FFD9A05056C
                                                                                                                    • Part of subcall function 00007FFD9A0502F0: WideCharToMultiByte.KERNEL32 ref: 00007FFD9A0503C0
                                                                                                                    • Part of subcall function 00007FFD9A0502F0: WideCharToMultiByte.KERNEL32 ref: 00007FFD9A0503F9
                                                                                                                    • Part of subcall function 00007FFD9A0502F0: CoTaskMemFree.OLE32 ref: 00007FFD9A050407
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD9A04B064
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD9A04B06A
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD9A04B070
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharMultiWide$_invalid_parameter_noinfo_noreturn$ErrorFreeLastPathTaskTemp
                                                                                                                  • String ID: $C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't create ProgramData dir '{}'$couldn't create Wildix dir '{}'$couldn't create printing dir '{}'$error${}\FaxPrinter${}\Wildix
                                                                                                                  • API String ID: 4053574115-744896386
                                                                                                                  APIs
                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D19D7
                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D19EC
                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D1A0D
                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D1A3A
                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D1A4B
                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D1A5C
                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF,?,?,00000000,00007FFD9A0D903B), ref: 00007FFD9A0D1A77
                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF), ref: 00007FFD9A0D1AAD
                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF), ref: 00007FFD9A0D1ACC
                                                                                                                    • Part of subcall function 00007FFD9A0D35E4: HeapAlloc.KERNEL32(?,?,00000000,00007FFD9A0D1BA2,?,?,0000BFF16B24B14E,00007FFD9A0C5325,?,?,?,?,00007FFD9A0D8E42,?,?,00000000), ref: 00007FFD9A0D3639
                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF), ref: 00007FFD9A0D1AF4
                                                                                                                    • Part of subcall function 00007FFD9A0D35A8: HeapFree.KERNEL32(?,?,00007FFD9A0D0D47,00007FFD9A0DE3BE,?,?,?,00007FFD9A0DE73B,?,?,00000000,00007FFD9A0DD86D,?,?,?,00007FFD9A0DD79F), ref: 00007FFD9A0D35BE
                                                                                                                    • Part of subcall function 00007FFD9A0D35A8: GetLastError.KERNEL32(?,?,00007FFD9A0D0D47,00007FFD9A0DE3BE,?,?,?,00007FFD9A0DE73B,?,?,00000000,00007FFD9A0DD86D,?,?,?,00007FFD9A0DD79F), ref: 00007FFD9A0D35C8
                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF), ref: 00007FFD9A0D1B05
                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FFD9A0DD95B,?,?,?,00007FFD9A0D7AE4,?,?,?,00007FFD9A0C3BFF), ref: 00007FFD9A0D1B16
                                                                                                                  Similarity
                                                                                                                  • API ID: Value$ErrorLast$Heap$AllocFree
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 570795689-0
                                                                                                                  APIs
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD9A04A8B4
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD9A04A8BA
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD9A04A8FE
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD9A04A904
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD9A04A90A
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD9A04A910
                                                                                                                    • Part of subcall function 00007FFD9A0506C0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FFD9A04B457), ref: 00007FFD9A05071F
                                                                                                                    • Part of subcall function 00007FFD9A0506C0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FFD9A04B457), ref: 00007FFD9A0507BB
                                                                                                                    • Part of subcall function 00007FFD9A0506C0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FFD9A04B457), ref: 00007FFD9A0507E8
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ByteCharMultiWide
                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$port level {} is invalid
                                                                                                                  • API String ID: 469901203-1756580397
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: Replicator::operator[]
                                                                                                                  • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                                                                  • API String ID: 3676697650-3207858774
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: Name::operator+
                                                                                                                  • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                                                                  • API String ID: 2943138195-1464470183
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: Name::operator+
                                                                                                                  • String ID:
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void), xrefs: 00007FFD9A0AED28
                                                                                                                  • bad allocation, xrefs: 00007FFD9A0AEBCB
                                                                                                                  • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\exception\include\boost/exception/detail/exception_ptr.hpp, xrefs: 00007FFD9A0AED33
                                                                                                                  Similarity
                                                                                                                  • API ID: __std_exception_copy__std_exception_destroy$Init_thread_footer
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\exception\include\boost/exception/detail/exception_ptr.hpp$bad allocation$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void)
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void), xrefs: 00007FFD9A0AF218
                                                                                                                  • bad exception, xrefs: 00007FFD9A0AF0BB
                                                                                                                  • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\exception\include\boost/exception/detail/exception_ptr.hpp, xrefs: 00007FFD9A0AF223
                                                                                                                  Similarity
                                                                                                                  • API ID: __std_exception_copy__std_exception_destroy$Init_thread_footer
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\exception\include\boost/exception/detail/exception_ptr.hpp$bad exception$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: Name::operator+
                                                                                                                  • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFD9A07BB40
                                                                                                                  • :AM:am:PM:pm, xrefs: 00007FFD9A07BB5E
                                                                                                                  • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFD9A07BAFF
                                                                                                                  Similarity
                                                                                                                  • API ID: Maklocstr$Yarn
                                                                                                                  • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFD9A07BBF6
                                                                                                                  • :AM:am:PM:pm, xrefs: 00007FFD9A07BC42
                                                                                                                  • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFD9A07BC32
                                                                                                                  Similarity
                                                                                                                  • API ID: Maklocwcsstd::_$Yarn
                                                                                                                  • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                  • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: !%x$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                  • String ID: boost::thread_resource_error
                                                                                                                  • API String ID: 1944019136-52533987
                                                                                                                  APIs
                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FFD9A0D4078,?,?,?,?,00007FFD9A0CCFEE), ref: 00007FFD9A0D388C
                                                                                                                  • GetProcAddress.KERNEL32(?,?,00000000,00007FFD9A0D4078,?,?,?,?,00007FFD9A0CCFEE), ref: 00007FFD9A0D3898
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                  • API String ID: 3013587201-537541572
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                  • String ID: Genu$GetEnabledExtendedFeatures$ineI$kernel32.dll$ntel
                                                                                                                  • API String ID: 1646373207-3700478490
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                  • String ID: f$p$p
                                                                                                                  • API String ID: 3215553584-1995029353
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: <>:"/\|?*$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                  • API String ID: 0-185695948
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3215553584-0
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                  • String ID: Wildix
                                                                                                                  • API String ID: 1944019136-3768880759
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                  • String ID: bad locale name$false$true
                                                                                                                  • API String ID: 2775327233-1062449267
                                                                                                                  Similarity
                                                                                                                  • API ID: Name::operator+
                                                                                                                  • String ID: {for
                                                                                                                  • API String ID: 2943138195-864106941
                                                                                                                  • Opcode ID: f90e41cad096f2da93ea417e0c4c3fcd4eba8a185dcbaaf535a881db8345dab5
                                                                                                                  • Instruction ID: 2600c51e15907f648c151b1785bdeb935e9f7ac8614c44921209fbb4cf103cf5
                                                                                                                  • Opcode Fuzzy Hash: f90e41cad096f2da93ea417e0c4c3fcd4eba8a185dcbaaf535a881db8345dab5
                                                                                                                  • Instruction Fuzzy Hash: F2515D73B08A46A9EB25CFA4D6653EC37A1EB44788F8080B2DA4C17B99EF7CD554D300
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CurrentThread$xtime_get
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1104475336-0
                                                                                                                  • Opcode ID: 1b469f39731d2fe9418beec3031c25306e4f08875869ab3756341ad35cd88f7e
                                                                                                                  • Instruction ID: 087060c385b160f80bf71576b91cb63a5b1605995b1b38a7aee2acaebee4cca5
                                                                                                                  • Opcode Fuzzy Hash: 1b469f39731d2fe9418beec3031c25306e4f08875869ab3756341ad35cd88f7e
                                                                                                                  • Instruction Fuzzy Hash: F651FE33B1864786EA788F95D86426973E0FB48B85F958071D64E836A8DF3DE885E700
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  • couldn't get temp folder path, error {}, xrefs: 00007FFD9A0504BE
                                                                                                                  • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp, xrefs: 00007FFD9A0504D0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharMultiWide$ErrorLastPathTemp
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp$couldn't get temp folder path, error {}
                                                                                                                  • API String ID: 1406663960-3281116547
                                                                                                                  • Opcode ID: 00d46c72ac2025951d999f6dfa65d52e4cecf7cd7147bc7663bcd4cc50032544
                                                                                                                  • Instruction ID: ce598262c489c86fa9c7fe4f60d0385e885f6d40e199eef70cdf5de6447cce1c
                                                                                                                  • Opcode Fuzzy Hash: 00d46c72ac2025951d999f6dfa65d52e4cecf7cd7147bc7663bcd4cc50032544
                                                                                                                  • Instruction Fuzzy Hash: 0641C233B08B8686E7348F51F4502AAB7A5FB89B90F504236EA8E03B58DF3CD555DB00
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Name::operator+Replicator::operator[]
                                                                                                                  • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                  • API String ID: 1405650943-2211150622
                                                                                                                  • Opcode ID: 4315fde10b0c18e2618adf3d88e1e854fc524dc8ef429976d7086a5a917182a1
                                                                                                                  • Instruction ID: 00cead9a235e6a2f9b865355d72c34b5513bb4049429a8b30aaf7d74c2b934bd
                                                                                                                  • Opcode Fuzzy Hash: 4315fde10b0c18e2618adf3d88e1e854fc524dc8ef429976d7086a5a917182a1
                                                                                                                  • Instruction Fuzzy Hash: A2413B67F08B479DFB298BA4D9A52BC37A0BB08344F9445B6CA4C22778DF7C9544D305
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Name::operator+
                                                                                                                  • String ID: char $int $long $short $unsigned
                                                                                                                  • API String ID: 2943138195-3894466517
                                                                                                                  • Opcode ID: 141c0a0f09cd27b5732f2ebd561887ead484243a038993fc7541bb2f00a37280
                                                                                                                  • Instruction ID: 927b1c4e0a6458c5f0f827410455564ef35e5cf5fd41c2ce8ef0557d0e3aa936
                                                                                                                  • Opcode Fuzzy Hash: 141c0a0f09cd27b5732f2ebd561887ead484243a038993fc7541bb2f00a37280
                                                                                                                  • Instruction Fuzzy Hash: CB312A73B18A168AFB698BA8D9643BC37A1BB08748F544172CA0C17BACDF3C9544D340
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                  • String ID: CONOUT$
                                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                                  • Opcode ID: b039afb8f07e777026a724c9789f87f27cf03355c8c9bf5fff4410ca7dd34ed2
                                                                                                                  • Instruction ID: 3c8c406a2ce6ec11fc5cc4f314f60e7f7743c01bcacf40892222264dc6d0ed59
                                                                                                                  • Opcode Fuzzy Hash: b039afb8f07e777026a724c9789f87f27cf03355c8c9bf5fff4410ca7dd34ed2
                                                                                                                  • Instruction Fuzzy Hash: 9D119623B18A428AE3648B82E86432977A0FB88FE5F500274D95E87798DF3CD914D744
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharMultiStringWide
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2829165498-0
                                                                                                                  • Opcode ID: 6118fa8085e3669122257fb284799078a74a7ea03473d476fd7d1291ba46dfc7
                                                                                                                  • Instruction ID: 231ddab4ec15f5327802f33d32c37a4ac1f6e21a259b2cf581f053a52cae11e4
                                                                                                                  • Opcode Fuzzy Hash: 6118fa8085e3669122257fb284799078a74a7ea03473d476fd7d1291ba46dfc7
                                                                                                                  • Instruction Fuzzy Hash: C2819F73B0974286EB388FA1D86036A77A1FB84BA8F544275EA5E17BC8DF3CD4459700
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2081738530-0
                                                                                                                  • Opcode ID: d7ee89805e0ed53243302812a72c61ec43182b1c66d2af2860eeb625812f69d5
                                                                                                                  • Instruction ID: 77d1cfddb03795f2d111805e0ae475f8d5ad247206afabf81221b4724bba61c8
                                                                                                                  • Opcode Fuzzy Hash: d7ee89805e0ed53243302812a72c61ec43182b1c66d2af2860eeb625812f69d5
                                                                                                                  • Instruction Fuzzy Hash: 28416023F09A4385EA2DEF95E8601B87360EF94BA0F5801B1DE4D572A9DE7CE8819700
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2081738530-0
                                                                                                                  • Opcode ID: 4c49cd235b3d411d937d39b31007a6f21730b6cd7a74e53b0dd6f0d4bb12012f
                                                                                                                  • Instruction ID: 050c9f9ddf189230cf4ea94565ab67ae7a72bbe4b2a3b91fd32c92c4920b0007
                                                                                                                  • Opcode Fuzzy Hash: 4c49cd235b3d411d937d39b31007a6f21730b6cd7a74e53b0dd6f0d4bb12012f
                                                                                                                  • Instruction Fuzzy Hash: DC318523B08A4785EA2DDB96E8641797360FB85BA4F0801B1EE1D47799DE3CE446D300
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2081738530-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2081738530-0
                                                                                                                  • Opcode ID: 7bf6bee0a8ace7a32e6d1451ecca0b184075597f264134e24b7339206321fafa
                                                                                                                  • Instruction ID: da4c9b399d39f1ae5acf6f70b3915dc3699c088c77226a58fc2dbb31b695414a
                                                                                                                  • Opcode Fuzzy Hash: 7bf6bee0a8ace7a32e6d1451ecca0b184075597f264134e24b7339206321fafa
                                                                                                                  • Instruction Fuzzy Hash: 75318323F08A4785EA2DDB95EC641B87761FB84BA0F4805B2DE4D17799DE3CE8869300
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2081738530-0
                                                                                                                  • Opcode ID: e35305ec90654eb47726e3b85a58bb825aa7002e0b9538b083ae27a92fc5c895
                                                                                                                  • Instruction ID: 519f135517f0e4aab03b05c5ad8b48664792ef7baa0c610e77e6d3bf7185a09e
                                                                                                                  • Opcode Fuzzy Hash: e35305ec90654eb47726e3b85a58bb825aa7002e0b9538b083ae27a92fc5c895
                                                                                                                  • Instruction Fuzzy Hash: E7319223B08A4785EE3DDB95E8645787360FB44BA4F0801B2DA0D477A9DF3CE4429700
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2081738530-0
                                                                                                                  • Opcode ID: 4af66db5b1cecd3f8a91385732624d400cc82c39c12d8efa0fbd69fc4e7b47a4
                                                                                                                  • Instruction ID: ef5c4d2831a1d05666ecca5c5d1769544aa2c56c5276a47f05ece38f91488e53
                                                                                                                  • Opcode Fuzzy Hash: 4af66db5b1cecd3f8a91385732624d400cc82c39c12d8efa0fbd69fc4e7b47a4
                                                                                                                  • Instruction Fuzzy Hash: 3531B023B08A4781EA3DDB95E8A45787360FB84BA4F0805B2DE0D177A9DF3CE486D300
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2081738530-0
                                                                                                                  • Opcode ID: ac7a640332557d5b5f9336cbf909b541899b8366478aa789d5964ec1389b1217
                                                                                                                  • Instruction ID: ed73538177a6b117feb0d38b4b4b9a3f63201b3a25908d242e6709ed2fd679c2
                                                                                                                  • Opcode Fuzzy Hash: ac7a640332557d5b5f9336cbf909b541899b8366478aa789d5964ec1389b1217
                                                                                                                  • Instruction Fuzzy Hash: B8319027B0CA4781EA2D9BD6E9601B87762FF85BE0F4825B1DE0D07799DE3CE4429310
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2081738530-0
                                                                                                                  • Opcode ID: 53b00496169379d27dc3c0bcbef6f678b1711fe48489907317cdc2fdac083c80
                                                                                                                  • Instruction ID: 1e7b21fa02b6e56602d92a8b47c42d1ae7c8b6b101dc38a051478371ad372e8a
                                                                                                                  • Opcode Fuzzy Hash: 53b00496169379d27dc3c0bcbef6f678b1711fe48489907317cdc2fdac083c80
                                                                                                                  • Instruction Fuzzy Hash: E7314F23B08A4391EB2DDB95D86017977A1FF44BE0F4806B2DE4D57699EE3CE8469300
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2081738530-0
                                                                                                                  • Opcode ID: a20d17e738c6685d80b34b8ae3a4b393ee32864481d1e777d8306891dc3121be
                                                                                                                  • Instruction ID: 57ba5155eca3ec3d49d6b4911e12fc45d40608ccd29df53b9ce7f984525b4a62
                                                                                                                  • Opcode Fuzzy Hash: a20d17e738c6685d80b34b8ae3a4b393ee32864481d1e777d8306891dc3121be
                                                                                                                  • Instruction Fuzzy Hash: B531B423B09A4781EA2D9BD6D9601B977A1FB44BA0F4811B1DA0D1B299DE3CF486D300
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2081738530-0
                                                                                                                  • Opcode ID: 4eac81ef0005b12bff179a9f7cf3b653102569b8f21692e67352610833f971c2
                                                                                                                  • Instruction ID: b31252af7571880302c8487134ec9fcf9a723a1c6106c2bf5eec558d1152558d
                                                                                                                  • Opcode Fuzzy Hash: 4eac81ef0005b12bff179a9f7cf3b653102569b8f21692e67352610833f971c2
                                                                                                                  • Instruction Fuzzy Hash: A7319E23B08A4781EA2D9B95E8611B977A1FF45BE4F4902B2DA4D073D9DE3CE4429340
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2081738530-0
                                                                                                                  • Opcode ID: 6cd04df289ad89e23516b0d557bce46929b717c0bfc776ac7b52bf54662687bd
                                                                                                                  • Instruction ID: b589d8703b5a7d3b78b659e740e75a352b1a51844a3a1c4b2c547091de46afc9
                                                                                                                  • Opcode Fuzzy Hash: 6cd04df289ad89e23516b0d557bce46929b717c0bfc776ac7b52bf54662687bd
                                                                                                                  • Instruction Fuzzy Hash: 52319227B0DA4781EA2DDBD6E8601B87762FB44BA0F0815B2DA0D176D9DE7CE842D710
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
• Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2081738530-0
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2081738530-0
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2081738530-0
                                                                                                                  APIs
                                                                                                                  • GetLastError.KERNEL32(?,?,0000BFF16B24B14E,00007FFD9A0C5325,?,?,?,?,00007FFD9A0D8E42,?,?,00000000,00007FFD9A0DD477,?,?,?), ref: 00007FFD9A0D1B4F
                                                                                                                  • FlsSetValue.KERNEL32(?,?,0000BFF16B24B14E,00007FFD9A0C5325,?,?,?,?,00007FFD9A0D8E42,?,?,00000000,00007FFD9A0DD477,?,?,?), ref: 00007FFD9A0D1B85
                                                                                                                  • FlsSetValue.KERNEL32(?,?,0000BFF16B24B14E,00007FFD9A0C5325,?,?,?,?,00007FFD9A0D8E42,?,?,00000000,00007FFD9A0DD477,?,?,?), ref: 00007FFD9A0D1BB2
                                                                                                                  • FlsSetValue.KERNEL32(?,?,0000BFF16B24B14E,00007FFD9A0C5325,?,?,?,?,00007FFD9A0D8E42,?,?,00000000,00007FFD9A0DD477,?,?,?), ref: 00007FFD9A0D1BC3
                                                                                                                  • FlsSetValue.KERNEL32(?,?,0000BFF16B24B14E,00007FFD9A0C5325,?,?,?,?,00007FFD9A0D8E42,?,?,00000000,00007FFD9A0DD477,?,?,?), ref: 00007FFD9A0D1BD4
                                                                                                                  • SetLastError.KERNEL32(?,?,0000BFF16B24B14E,00007FFD9A0C5325,?,?,?,?,00007FFD9A0D8E42,?,?,00000000,00007FFD9A0DD477,?,?,?), ref: 00007FFD9A0D1BEF
                                                                                                                  Similarity
                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2506987500-0
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Init_thread_footer
                                                                                                                  • String ID: <>:"/\|?*
                                                                                                                  • API String ID: 3356721665-3841475095
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: at $std:$system
                                                                                                                  • API String ID: 3668304517-2505448101
                                                                                                                  Similarity
                                                                                                                  • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                                                  • String ID: ,$false$true
                                                                                                                  • API String ID: 1173176844-760133229
                                                                                                                  Similarity
                                                                                                                  • API ID: Name::operator+
                                                                                                                  • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                                                                  • API String ID: 2943138195-757766384
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                  • String ID: bad locale name
                                                                                                                  • API String ID: 2967684691-1405518554
                                                                                                                  • Opcode ID: 7029a183b29259f5d080046cc94de290224643f9a4acbfe1ceb21dc97ffa4660
                                                                                                                  • Instruction ID: afe9a4c33fd0ebd1a0253b73018ab658ba7917d4fc85920a33c9601d5998c7b8
                                                                                                                  • Opcode Fuzzy Hash: 7029a183b29259f5d080046cc94de290224643f9a4acbfe1ceb21dc97ffa4660
                                                                                                                  • Instruction Fuzzy Hash: 66518B23F09B4389EB29DFA0D5612AC33E4BF44B84F040875DE4D23A89DF38E959A310
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Concurrency::cancel_current_taskLockitstd::_$Lockit::_Lockit::~_
                                                                                                                  • String ID: bad locale name
                                                                                                                  • API String ID: 2927694129-1405518554
                                                                                                                  • Opcode ID: 08ee1b3967b54664d40556b6e4dca6bc14adeb461db8bc2fd480ca6009b2ee36
                                                                                                                  • Instruction ID: f738fdeaec734e221dd091b9304a67cd6689bd95ca1728e0ee34dec4e3459cd1
                                                                                                                  • Opcode Fuzzy Hash: 08ee1b3967b54664d40556b6e4dca6bc14adeb461db8bc2fd480ca6009b2ee36
                                                                                                                  • Instruction Fuzzy Hash: 9D416123B0964286EA69DBE5E9603BE77E4FF84780F141575EA8D03A99CF3CD4509710
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Maklocstr$Getvals
                                                                                                                  • String ID: false$true
                                                                                                                  • API String ID: 3025811523-2658103896
                                                                                                                  • Opcode ID: 21ba5e9dcfa14748637ffeedb7065e45bedb9d8283f7c653025d7417579fcdb8
                                                                                                                  • Instruction ID: ee1be579a4104f465fb9254771455c0ae7956efb9cc30d515edd6856a1e19879
                                                                                                                  • Opcode Fuzzy Hash: 21ba5e9dcfa14748637ffeedb7065e45bedb9d8283f7c653025d7417579fcdb8
                                                                                                                  • Instruction Fuzzy Hash: C2415B23B08B8699E724DFB4E4501EC33B1FB58788B405226EE4D27A59EF38D59AD344
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  • couldn't get special folder, error {}, xrefs: 00007FFD9A05035C
                                                                                                                  • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp, xrefs: 00007FFD9A050368
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharMultiWide$FreeTask
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp$couldn't get special folder, error {}
                                                                                                                  • API String ID: 1807027773-2224659992
                                                                                                                  • Opcode ID: b84c0743efdce78aa4bab5032517c3909bd40c09f92be3c87a9e3270ba148090
                                                                                                                  • Instruction ID: 72efd6bb6af969cb90e08e14eec6a845211e27e198b0f49b61276498afe6992f
                                                                                                                  • Opcode Fuzzy Hash: b84c0743efdce78aa4bab5032517c3909bd40c09f92be3c87a9e3270ba148090
                                                                                                                  • Instruction Fuzzy Hash: 4141D332B08B8686E7248F92F46026AB7A5FBC97D0F145235EB8D03B99DF3CE5549700
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __std_exception_copy$_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: ($/
                                                                                                                  • API String ID: 946306463-2468745909
                                                                                                                  • Opcode ID: b8584e709c6b1a24ac128c25bae6a3fce6da2b4b0fd9786955d38a879c0fc161
                                                                                                                  • Instruction ID: e1c03b122c2d02288da6f708e4d837b59ee31633287ebf1e6f13e2c59925fc94
                                                                                                                  • Opcode Fuzzy Hash: b8584e709c6b1a24ac128c25bae6a3fce6da2b4b0fd9786955d38a879c0fc161
                                                                                                                  • Instruction Fuzzy Hash: 7741B223B18B8681EB25CF64E4603A97370FB99794F509271EA9C06799EF3CE5D4D700
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __std_exception_copy$_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: "$/
                                                                                                                  • API String ID: 946306463-2662438755
                                                                                                                  • Opcode ID: 2ee86be5cfdbf845f6f15e06806eac28e0614359746b3a5fb7f782153ca3e777
                                                                                                                  • Instruction ID: fa9f2075d6f249b32b179e35f3ceaae1b911b31a2124443b1792a0430e1eb5e7
                                                                                                                  • Opcode Fuzzy Hash: 2ee86be5cfdbf845f6f15e06806eac28e0614359746b3a5fb7f782153ca3e777
                                                                                                                  • Instruction Fuzzy Hash: 4841D223B18B8681EB258F64E4603A97370FB99794F509271EADC067A9EF3CE5D4D700
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: NameName::
                                                                                                                  • String ID: `template-parameter$void
                                                                                                                  • API String ID: 1333004437-4057429177
                                                                                                                  • Opcode ID: 88f1c2d15a0bc3adf9c6da8158cc998536c8b7ff011d6048e52b1d8740332abf
                                                                                                                  • Instruction ID: 80ac5a6560d25f91f0f9ed5c7431963f08a5070628b6c488d26e4e1a1206da34
                                                                                                                  • Opcode Fuzzy Hash: 88f1c2d15a0bc3adf9c6da8158cc998536c8b7ff011d6048e52b1d8740332abf
                                                                                                                  • Instruction Fuzzy Hash: 5C416923F08B5788FF288BA0D9652EC33B1BB48788F944176CE4D27A99DF7CA4459340
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: &$..9999$/
                                                                                                                  • API String ID: 1109970293-2119091122
                                                                                                                  • Opcode ID: bad96269d5de9d689d7aab0c74dd9c1f69abd81ef4288e4d0c058360d48cd253
                                                                                                                  • Instruction ID: 969a34fca43bad04de57670608a18439b897a762a48f9adbc0e048f4be57b67b
                                                                                                                  • Opcode Fuzzy Hash: bad96269d5de9d689d7aab0c74dd9c1f69abd81ef4288e4d0c058360d48cd253
                                                                                                                  • Instruction Fuzzy Hash: B831C423A18B8682EB24CB64E4603697370FB99794F505375E6DD027A9EF3DD4D0D700
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _set_statfp
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1156100317-0
                                                                                                                  • Opcode ID: e2a52eeffa03d19c3473cc8f4d897b2ea57e3a717b0bc8f4356aac3dbbf2edbd
                                                                                                                  • Instruction ID: 6d50c46f084b46a8bdc026dbab12b5ee3aa374e1434cb850182d1efaf6419848
                                                                                                                  • Opcode Fuzzy Hash: e2a52eeffa03d19c3473cc8f4d897b2ea57e3a717b0bc8f4356aac3dbbf2edbd
                                                                                                                  • Instruction Fuzzy Hash: 7D81D113F08B4745F67A8FB5A4602BE7650AF557D8F0443B1FD5E269ACDF3CA481A600
                                                                                                                  APIs
                                                                                                                  • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFD9A061AD5), ref: 00007FFD9A061257
                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFD9A061AD5), ref: 00007FFD9A061299
                                                                                                                  • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFD9A0613F1
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD9A06141D
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharFormatFreeLocalMessageMultiWide_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 981250203-0
                                                                                                                  • Opcode ID: a4c55069807a390da005bd219704418b097c0374aeaa76d1932dde3f0647e92d
                                                                                                                  • Instruction ID: 552e6ccd81129620d4866008d59b9f3a4f02ff9f02dfe74834d584a7ec6acc32
                                                                                                                  • Opcode Fuzzy Hash: a4c55069807a390da005bd219704418b097c0374aeaa76d1932dde3f0647e92d
                                                                                                                  • Instruction Fuzzy Hash: CA51F123F18B528AFB28CBA5D4617BD37A1BB487A8F045634DE4E53E99DF38D0819700
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharMultiWide$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 143101810-0
                                                                                                                  • Opcode ID: 82cfe084d05c7e912d23034e6c0e9f73626f2345b82c46785d34751a916b4bac
                                                                                                                  • Instruction ID: f0896be71849f94ccf45196ee249322693fd346619205aad07f8dde49e7b3626
                                                                                                                  • Opcode Fuzzy Hash: 82cfe084d05c7e912d23034e6c0e9f73626f2345b82c46785d34751a916b4bac
                                                                                                                  • Instruction Fuzzy Hash: 3F51B523B0874345EA389F92B55026EB6A4FB857E4F185775EEAE037D9DF7CD090A200
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: NameName::$Name::operator+
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 826178784-0
                                                                                                                  • Opcode ID: 9cc5fa096e5a0a8fddfadafd10dc89e0a5e8996c5e5224a87b09b245d29a3d37
                                                                                                                  • Instruction ID: 911a7fd08cdd572c39012545bdea1b5e70dde7a0c803ccfdb519dd2dbc49837b
                                                                                                                  • Opcode Fuzzy Hash: 9cc5fa096e5a0a8fddfadafd10dc89e0a5e8996c5e5224a87b09b245d29a3d37
                                                                                                                  • Instruction Fuzzy Hash: A1419F33B0DA5795EF28CBA4DAA01B837B4BB55B80B9440B3DA4D137A9DF39E455D300
                                                                                                                  APIs
                                                                                                                  Similarity
                                                                                                                  • API ID: _set_statfp
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1156100317-0
                                                                                                                  • Opcode ID: 6e4f390f8d976f999aef89e1ebd30f2423b3d155eab78d2d27cfc50b49dd385e
                                                                                                                  • Instruction ID: f522532cf07f8ef6c6fce3c0957c37fe6a2e34fe797b82600f96e0f1b0fed8f1
                                                                                                                  • Opcode Fuzzy Hash: 6e4f390f8d976f999aef89e1ebd30f2423b3d155eab78d2d27cfc50b49dd385e
                                                                                                                  • Instruction Fuzzy Hash: 7B111963F18B0705F7BC15A9A9763793049AF653F4E2806B4FA7E467DE9E6CAC40B100
                                                                                                                  APIs
                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FFD9A0BF1A3,?,?,00000000,00007FFD9A0BF43E,?,?,?,?,?,00007FFD9A0BF3CA), ref: 00007FFD9A0D1C27
                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFD9A0BF1A3,?,?,00000000,00007FFD9A0BF43E,?,?,?,?,?,00007FFD9A0BF3CA), ref: 00007FFD9A0D1C46
                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFD9A0BF1A3,?,?,00000000,00007FFD9A0BF43E,?,?,?,?,?,00007FFD9A0BF3CA), ref: 00007FFD9A0D1C6E
                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFD9A0BF1A3,?,?,00000000,00007FFD9A0BF43E,?,?,?,?,?,00007FFD9A0BF3CA), ref: 00007FFD9A0D1C7F
                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFD9A0BF1A3,?,?,00000000,00007FFD9A0BF43E,?,?,?,?,?,00007FFD9A0BF3CA), ref: 00007FFD9A0D1C90
                                                                                                                  Similarity
                                                                                                                  • API ID: Value
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3702945584-0
                                                                                                                  • Opcode ID: 11765326bb6d4892b31f9ff3a9be7395424680683050239707052612c2249ef5
                                                                                                                  • Instruction ID: 6add11f65fffcac46a47c9f7015136a52571f19778ab3d189cc8b9e3b4611379
                                                                                                                  • Opcode Fuzzy Hash: 11765326bb6d4892b31f9ff3a9be7395424680683050239707052612c2249ef5
                                                                                                                  • Instruction Fuzzy Hash: 46110323F0C74341FA7C93A5A67217A72415F843B0E4567B4F92E4A6DEDF2CE481A601
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_deleteport '{}', {:#x}, '{}'$system
                                                                                                                  • API String ID: 3668304517-2267907852
                                                                                                                  • Opcode ID: eae48cf29b154a8592d0c7e870acd674272bc2775f49a9c542b8e1c76fec63b2
                                                                                                                  • Instruction ID: 2e0da8b6dc13763b93ee73f1432ea4c43be0be547e1c0754a99e8f14df927db0
                                                                                                                  • Opcode Fuzzy Hash: eae48cf29b154a8592d0c7e870acd674272bc2775f49a9c542b8e1c76fec63b2
                                                                                                                  • Instruction Fuzzy Hash: 6591A663B18AC341EE289BA9E46536E7351FB857E0F505371DAAD43ADEEF6CD0809700
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_addport '{}', {:#x}, '{}'$system
                                                                                                                  • API String ID: 3668304517-3963725590
                                                                                                                  • Opcode ID: 8aa18e938cf472b62834a2e085f09551e528f040edcc30cd9f31e5b5f81ea4c4
                                                                                                                  • Instruction ID: e96275f9acabca17500c0e68a2deccb487ad6950bf2d18e717066cf447cd5fe2
                                                                                                                  • Opcode Fuzzy Hash: 8aa18e938cf472b62834a2e085f09551e528f040edcc30cd9f31e5b5f81ea4c4
                                                                                                                  • Instruction Fuzzy Hash: CB91A363B186C341EA389BA9E4653AE7251FB857E0F105371D6AD43BDEEF6CE0809601
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_startdocport {:#x}, '{}', {}, {}, {:#x}$system
                                                                                                                  • API String ID: 3668304517-1475283317
                                                                                                                  • Opcode ID: 76c460a9afa0cc84317f676c04e65e17221c405f5b9c470ac1301285a90bad35
                                                                                                                  • Instruction ID: 35ba5a363f7b9688b48bf7fd9fb32082c8e46ce457a347ee06d776d6f2875c11
                                                                                                                  • Opcode Fuzzy Hash: 76c460a9afa0cc84317f676c04e65e17221c405f5b9c470ac1301285a90bad35
                                                                                                                  • Instruction Fuzzy Hash: 2981A263B08A8341EA348BA5E4653AE7291FB857E0F504271EAAD03BDDEF3CD4849700
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: {}{}${}{}{}
                                                                                                                  • API String ID: 3668304517-2846689003
                                                                                                                  • Opcode ID: 605c9f5ada0807124158fb0926c69c7b119217b8a05b6c25ed5db52c39d8ae91
                                                                                                                  • Instruction ID: f4b2423378904700291d8cfcefa928ea08ba755804d868f7347b7f85fe99fc0e
                                                                                                                  • Opcode Fuzzy Hash: 605c9f5ada0807124158fb0926c69c7b119217b8a05b6c25ed5db52c39d8ae91
                                                                                                                  • Instruction Fuzzy Hash: C3917F63F14B868AFB14CFA4D0243AC33B1F759B88F509225DE8C12A99EF789595C380
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_configureport '{}', {:#x}, '{}'$system
                                                                                                                  • API String ID: 3668304517-417426335
                                                                                                                  • Opcode ID: 06177713b893120fcbfa3276d465943483b7f79f0ff18dd3b981348bbbef72f3
                                                                                                                  • Instruction ID: 5b6aff8dbbc1f1808572eb20ca284d20aa924ebd752721de059a975c700b61f8
                                                                                                                  • Opcode Fuzzy Hash: 06177713b893120fcbfa3276d465943483b7f79f0ff18dd3b981348bbbef72f3
                                                                                                                  • Instruction Fuzzy Hash: 4B619463B187C742EA289BA9E06536E7351FB857E0F505372E6AD03ADDEF6CD4809700
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_writeport {:#x}, {:#x}, {}, {:#x}$system
                                                                                                                  • API String ID: 3668304517-1752104201
                                                                                                                  • Opcode ID: eac8463e31ff1c54e6cfb6f7ecc0aeed53302ce621d241700a9d805c7a311295
                                                                                                                  • Instruction ID: 89625563936faa7345f70fe037b0fdb2827c8b81d318b117f1e4ea16ba19effa
                                                                                                                  • Opcode Fuzzy Hash: eac8463e31ff1c54e6cfb6f7ecc0aeed53302ce621d241700a9d805c7a311295
                                                                                                                  • Instruction Fuzzy Hash: 88519463B18B8241EA24DBA5E4543AE7391FB857A0F504272EA9D43BD9EF3CD485D700
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$RunDllCallback {:#x}, {:#x}, {:#x} -> '{}', {}$rundll
                                                                                                                  • API String ID: 3668304517-2948112147
                                                                                                                  • Opcode ID: 6078b8c4dd77ce6d66c6c1896ea99b85126e5ccff0228bcb5cd81ef76553c61a
                                                                                                                  • Instruction ID: 82f1f5b94cce35e1b1af4187c8ec8e28f50e8dbe83eccf57446bf8441e09992a
                                                                                                                  • Opcode Fuzzy Hash: 6078b8c4dd77ce6d66c6c1896ea99b85126e5ccff0228bcb5cd81ef76553c61a
                                                                                                                  • Instruction Fuzzy Hash: F2518263B18BC681EA348B94E0653AE7391FB857A0F504276D69D03BD9EF7CD894D700
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                  • String ID: bad locale name
                                                                                                                  • API String ID: 2775327233-1405518554
                                                                                                                  • Opcode ID: c11533c3c598b5b6b3b515016b1e205453fa6f57e2250d478d9c2471dfc0b682
                                                                                                                  • Instruction ID: 0c456017fc3760b31e4a5ca3fb49885f57d62820a7fc54fdc5cf3cd845ca7f04
                                                                                                                  • Opcode Fuzzy Hash: c11533c3c598b5b6b3b515016b1e205453fa6f57e2250d478d9c2471dfc0b682
                                                                                                                  • Instruction Fuzzy Hash: C4415C23B0A74299EB29DFA0D9603FD33A4AF40788F044875DE4D17A9DCE39D965A314
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_enddocport {:#x}$system
                                                                                                                  • API String ID: 3668304517-283873059
                                                                                                                  • Opcode ID: 976c1a75b707619041d43c11d97302b4ab7be10f048be6034d89fde6a4765e56
                                                                                                                  • Instruction ID: 10662524a35546b1c811cfc4fefca43585b91d000d4f1d0e3c594ad67a8ab566
                                                                                                                  • Opcode Fuzzy Hash: 976c1a75b707619041d43c11d97302b4ab7be10f048be6034d89fde6a4765e56
                                                                                                                  • Instruction Fuzzy Hash: D351C863B18A8742EA28DBA4E02536E7391FF857A0F504272E69D437DDEF7DE4849700
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                  • String ID: bad locale name
                                                                                                                  • API String ID: 2775327233-1405518554
                                                                                                                  • Opcode ID: d78744168fa3febd68e6acb945a6f355e63e24ad24036104797d8588ab95d1de
                                                                                                                  • Instruction ID: 1f3f6e26e45b8fc0736cf179e61cb1bdeeefb11b3c3b8e0e88c08214fe75eb2f
                                                                                                                  • Opcode Fuzzy Hash: d78744168fa3febd68e6acb945a6f355e63e24ad24036104797d8588ab95d1de
                                                                                                                  • Instruction Fuzzy Hash: 74413B33B0AB4289EB29DFE1D4602EC37E4EF44788F041875DE4D17A99DE38D924A364
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                  • String ID: bad locale name
                                                                                                                  • API String ID: 2775327233-1405518554
                                                                                                                  • Opcode ID: 1b82b1395e471fa959045a9c1f68fb3458e4e1554719711f9b0737aeeefb5442
                                                                                                                  • Instruction ID: 057cd7bd5eb134d95b6e1adb7ef158f3893cf9c9e776e394eadd3c875a4e9337
                                                                                                                  • Opcode Fuzzy Hash: 1b82b1395e471fa959045a9c1f68fb3458e4e1554719711f9b0737aeeefb5442
                                                                                                                  • Instruction Fuzzy Hash: 7C413C23B0AB4399EB29EFA1D4602EC33E4FF54B88F440875DA4D17A99DF38D914A314
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                  • String ID: bad locale name
                                                                                                                  • API String ID: 2775327233-1405518554
                                                                                                                  • Opcode ID: 5e463c2545244d12a723f96a66fd94ba93ce98ef41f201d59d7e9c5ae3672ecd
                                                                                                                  • Instruction ID: 16a66fe053bc0ad9ceed6240fa67fd09a4515e66e27c5a98e060ff7eba9535d5
                                                                                                                  • Opcode Fuzzy Hash: 5e463c2545244d12a723f96a66fd94ba93ce98ef41f201d59d7e9c5ae3672ecd
                                                                                                                  • Instruction Fuzzy Hash: BF416E33B0AB4289EB29DFA1D4612ED33A4EF44748F0509B5DE4D13A89CF38D924A365
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Maklocwcsstd::_$Getvals
                                                                                                                  • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                  • API String ID: 1848906033-3573081731
                                                                                                                  Similarity
                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2718003287-0
                                                                                                                  APIs
                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFD9A0D51E3), ref: 00007FFD9A0D5314
                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFD9A0D51E3), ref: 00007FFD9A0D539F
                                                                                                                  Similarity
                                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 953036326-0
                                                                                                                  Similarity
                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 73155330-0
                                                                                                                  Similarity
                                                                                                                  • API ID: Name::operator+
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2943138195-0
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1944019136-0
                                                                                                                  APIs
                                                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FFD9A04B457), ref: 00007FFD9A05071F
                                                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FFD9A04B457), ref: 00007FFD9A0507BB
                                                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FFD9A04B457), ref: 00007FFD9A0507E8
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD9A05088D
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharMultiWide$_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1590159271-0
                                                                                                                  Similarity
                                                                                                                  • API ID: Name::operator+$NameName::
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 168861036-0
                                                                                                                  Similarity
                                                                                                                  • API ID: Name::operator+$Replicator::operator[]
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3863519203-0
                                                                                                                  APIs
                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FFD9A0A43A3,?,?,00000000,?,?,00007FFD9A0A450E,?,?,?,?,?,00007FFD9A060BFE), ref: 00007FFD9A0A8330
                                                                                                                  • SleepConditionVariableSRW.KERNEL32(?,?,?,00007FFD9A0A43A3,?,?,00000000,?,?,00007FFD9A0A450E,?,?,?,?,?,00007FFD9A060BFE), ref: 00007FFD9A0A8367
                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FFD9A0A43A3,?,?,00000000,?,?,00007FFD9A0A450E,?,?,?,?,?,00007FFD9A060BFE), ref: 00007FFD9A0A8382
                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FFD9A0A43A3,?,?,00000000,?,?,00007FFD9A0A450E,?,?,?,?,?,00007FFD9A060BFE), ref: 00007FFD9A0A839A
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ExclusiveLock$Release$AcquireConditionSleepVariable
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3114648011-0
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: 0
                                                                                                                  • API String ID: 3668304517-4108050209
                                                                                                                  APIs
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD9A0A5702
                                                                                                                    • Part of subcall function 00007FFD9A054C20: std::_Lockit::_Lockit.LIBCPMT ref: 00007FFD9A054C35
                                                                                                                    • Part of subcall function 00007FFD9A054C20: std::_Lockit::_Lockit.LIBCPMT ref: 00007FFD9A054C5A
                                                                                                                    • Part of subcall function 00007FFD9A054C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FFD9A054C84
                                                                                                                    • Part of subcall function 00007FFD9A054C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FFD9A054D15
                                                                                                                  Strings
                                                                                                                  • Could not convert character encoding, xrefs: 00007FFD9A0A589A
                                                                                                                  • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\code_conversion.cpp, xrefs: 00007FFD9A0A58A6
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\code_conversion.cpp$Could not convert character encoding
                                                                                                                  • API String ID: 533778753-1756177606
                                                                                                                  Strings
                                                                                                                  • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp, xrefs: 00007FFD9A046673
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp
                                                                                                                  • API String ID: 0-2526021498
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: M
                                                                                                                  • API String ID: 3668304517-2059362058
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: DB
                                                                                                                  • API String ID: 3668304517-1293858882
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: Mt
                                                                                                                  • API String ID: 3668304517-1399232146
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharMultiWide$ErrorLastMtx_unlockPathTemp_invalid_parameter_noinfo_noreturn
                                                                                                                  • String ID: port name cannot be empty
                                                                                                                  • API String ID: 2419482883-1868005089
                                                                                                                  • Opcode ID: 01edf5dbae7c7293e8fa5c08f82d5da5628c5ce546370ab03acf53ba8f46b614
                                                                                                                  • Instruction ID: b4f23b6b4de4b6e2f9e57a4e2a326fe5e2e9d93256f0d4d8be5e0d27da0ef736
                                                                                                                  • Opcode Fuzzy Hash: 01edf5dbae7c7293e8fa5c08f82d5da5628c5ce546370ab03acf53ba8f46b614
                                                                                                                  • Instruction Fuzzy Hash: 0741F233B09B4782EA289B65E8612AE73A0FB85BE4F544531EA4D43799EF3CD485D700
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00007FFD9A050460: GetTempPathW.KERNEL32 ref: 00007FFD9A0504AA
                                                                                                                    • Part of subcall function 00007FFD9A050460: GetLastError.KERNEL32 ref: 00007FFD9A0504B4
                                                                                                                    • Part of subcall function 00007FFD9A050460: WideCharToMultiByte.KERNEL32 ref: 00007FFD9A050533
                                                                                                                    • Part of subcall function 00007FFD9A050460: WideCharToMultiByte.KERNEL32 ref: 00007FFD9A05056C
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD9A04AC92
                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFD9A04AC98
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ByteCharMultiWide_invalid_parameter_noinfo_noreturn$ErrorLastPathTemp
                                                                                                                  • String ID: Wildix FaxPort
                                                                                                                  • API String ID: 1286625825-2810657378
                                                                                                                  • Opcode ID: 93fdf2950ff945f7ec4ce63cf3a1974a3aa22a959710a81fb1456989e1361f6f
                                                                                                                  • Instruction ID: 1e5e32265ceda80ffd3c8b37487caf57f80daf50ed679b2f181f572b9bff022b
                                                                                                                  • Opcode Fuzzy Hash: 93fdf2950ff945f7ec4ce63cf3a1974a3aa22a959710a81fb1456989e1361f6f
                                                                                                                  • Instruction Fuzzy Hash: A041A373B18B4782EA64CB65D0A026D73A1FB897A0F548231EA9D03799EF3CD4819740
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                  • String ID: bad locale name
                                                                                                                  • API String ID: 593203224-1405518554
                                                                                                                  • Opcode ID: 0d9d80600485444ad79f40be8b0be6d787fdbb195752098556b1e1cf47f7ca99
                                                                                                                  • Instruction ID: fab1c30decb334470bca76f248a4f6011b39689ee73948e14eccded2af15a6fb
                                                                                                                  • Opcode Fuzzy Hash: 0d9d80600485444ad79f40be8b0be6d787fdbb195752098556b1e1cf47f7ca99
                                                                                                                  • Instruction Fuzzy Hash: E9413A23F0A74288FB29DFE1D424BAC32A4AF44788F4404B5DE4D13A89CE38D915E348
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                  • String ID: U
                                                                                                                  • API String ID: 442123175-4171548499
                                                                                                                  • Opcode ID: 5f663c3fd3d255cfda4f5e2944c61ba0478e2b525ba73fc05a31a5376b2717e3
                                                                                                                  • Instruction ID: 9e58b28c4cfa9d577fa570fbf3a79fd7f40e3618a6421b296145388fe66a40ac
                                                                                                                  • Opcode Fuzzy Hash: 5f663c3fd3d255cfda4f5e2944c61ba0478e2b525ba73fc05a31a5376b2717e3
                                                                                                                  • Instruction Fuzzy Hash: C641B123B18B8686DB24CF65E8543AA77A0FB88794F404131EE4D87798EF3CE445D740
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: NameName::
                                                                                                                  • String ID: %lf
                                                                                                                  • API String ID: 1333004437-2891890143
                                                                                                                  • Opcode ID: 85668a36295343c5ac8733365a08c63ad65be95d1277db086a08029145af80e5
                                                                                                                  • Instruction ID: 869d0afbf142fec2ef32ee6dab127cd36830bfdfe9f6da325774e80dbb203507
                                                                                                                  • Opcode Fuzzy Hash: 85668a36295343c5ac8733365a08c63ad65be95d1277db086a08029145af80e5
                                                                                                                  • Instruction Fuzzy Hash: E531B433B0C68786EA39DB91A9700B97351BF49784B4482B6EA5E57759DF3CE1419300
                                                                                                                  APIs
                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 00007FFD9A0A81CF
                                                                                                                    • Part of subcall function 00007FFD9A0A5E10: __std_exception_copy.LIBVCRUNTIME ref: 00007FFD9A0A5E3A
                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 00007FFD9A0A827F
                                                                                                                    • Part of subcall function 00007FFD9A0A5E80: __std_exception_copy.LIBVCRUNTIME ref: 00007FFD9A0A5EAF
                                                                                                                  Strings
                                                                                                                  • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\code_conversion.cpp, xrefs: 00007FFD9A0A8223
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: __std_exception_copystd::bad_exception::bad_exception
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\code_conversion.cpp
                                                                                                                  • API String ID: 3754101179-738887669
                                                                                                                  • Opcode ID: 7dcdcee4e66897240bf0cdfbf3d26afe63a67e711857ac5f467846a6ae3dd0d1
                                                                                                                  • Instruction ID: 124ec6b415377aa418c66c55e6c5647c6c3e159e659da4b33c9e4ee780b8bcaf
                                                                                                                  • Opcode Fuzzy Hash: 7dcdcee4e66897240bf0cdfbf3d26afe63a67e711857ac5f467846a6ae3dd0d1
                                                                                                                  • Instruction Fuzzy Hash: 5321D453B1D58355D928A662D8293FBB321EFC5BC0F448071EA4E4BB9FED1CD5059380
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Name::operator+
                                                                                                                  • String ID: void$void
                                                                                                                  • API String ID: 2943138195-3746155364
                                                                                                                  • Opcode ID: f1c05fc7145a031106bed610ff3aaeeeae1446770ef8835e39a4b602f214c1b6
                                                                                                                  • Instruction ID: 701e46a3cf55fbe830b3d88f62ebfdff8d6467b1374ad321935c2fce396e919e
                                                                                                                  • Opcode Fuzzy Hash: f1c05fc7145a031106bed610ff3aaeeeae1446770ef8835e39a4b602f214c1b6
                                                                                                                  • Instruction Fuzzy Hash: AE313463F18A2688FB28CBA4E8610FC37B0BB48788B840576DE4E23B59DF3C9154D754
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: Mtx_unlock
                                                                                                                  • String ID: ,$port object {:#x} is not present in the list
                                                                                                                  • API String ID: 1418687624-2950792495
                                                                                                                  • Opcode ID: f2726cfe368c0018a19b06c7d5213c5894d768bf02e51a0aac68a84f5462c573
                                                                                                                  • Instruction ID: b0f23e0858ef5aa927a3d856b3290c615cee4fc4736f4866ca8e4868f92c9da7
                                                                                                                  • Opcode Fuzzy Hash: f2726cfe368c0018a19b06c7d5213c5894d768bf02e51a0aac68a84f5462c573
                                                                                                                  • Instruction Fuzzy Hash: C4219223708B4781EA78CB61E4613AA77A0FB847C4F448971DA8D47B59EF3CE449D740
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  Similarity
                                                                                                                  • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_Yarn
                                                                                                                  • String ID: bad locale name
                                                                                                                  • API String ID: 1838369231-1405518554
                                                                                                                  • Opcode ID: a6def5bc57086b163726a0931fdd04756445cd0118717f0d6f7130d339d2c2e0
                                                                                                                  • Instruction ID: a3f63e76b1347fee5c5720a3c2b331bc5f39ee76e68ab8f0c1007c8fb1d2dbec
                                                                                                                  • Opcode Fuzzy Hash: a6def5bc57086b163726a0931fdd04756445cd0118717f0d6f7130d339d2c2e0
                                                                                                                  • Instruction Fuzzy Hash: C2018623605B8289D758DFB5A94115C77B5FB58B84B185179DB8C8371EEF38C9A0C344
                                                                                                                  APIs
                                                                                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFD9A04314F), ref: 00007FFD9A0B1E20
                                                                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFD9A04314F), ref: 00007FFD9A0B1E66
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                  • String ID: csm
                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                  • Opcode ID: 81885f7563f5cbc4e853b031928c0d3fa19fbbd861defef8bb5bbab469655405
                                                                                                                  • Instruction ID: 6df49894333455c4e8060fcf6acd533bb17133c1aa83caa014eb83a776f308d4
                                                                                                                  • Opcode Fuzzy Hash: 81885f7563f5cbc4e853b031928c0d3fa19fbbd861defef8bb5bbab469655405
                                                                                                                  • Instruction Fuzzy Hash: 98118C33608B8282EB658F15F520269B7A1FB88B84F284275EE9D07768DF3CC851DB00
                                                                                                                  APIs
                                                                                                                  • TlsAlloc.KERNEL32(?,?,00000000,00007FFD9A0A544A,?,?,00000000,00007FFD9A0A54C8,?,?,?,?,?,?,?,00007FFD9A05B9CE), ref: 00007FFD9A0AA9A9
                                                                                                                  Strings
                                                                                                                  • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\thread_specific.cpp, xrefs: 00007FFD9A0AA9CC
                                                                                                                  • TLS capacity depleted, xrefs: 00007FFD9A0AA9C5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001D.00000002.3370728800.00007FFD9A041000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD9A040000, based on PE: true
                                                                                                                  • Associated: 0000001D.00000002.3370672628.00007FFD9A040000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3370958797.00007FFD9A0EA000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371064104.00007FFD9A115000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371137536.00007FFD9A117000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371185937.00007FFD9A11A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                  • Associated: 0000001D.00000002.3371244583.00007FFD9A11D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_29_2_7ffd9a040000_spoolsv.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Alloc
                                                                                                                  • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\thread_specific.cpp$TLS capacity depleted
                                                                                                                  • API String ID: 2773662609-3276512853
                                                                                                                  • Opcode ID: 42257bb316c38b4434ae9edf39a9874abfcc27e038a4808b61ea6988e3d81818
                                                                                                                  • Instruction ID: 0c4557bff0d019024c9b76b94e22e8ff4bc18cdb114ba4aaf610638f971964bb
                                                                                                                  • Opcode Fuzzy Hash: 42257bb316c38b4434ae9edf39a9874abfcc27e038a4808b61ea6988e3d81818
                                                                                                                  • Instruction Fuzzy Hash: FFE09236F0450BC6E73C9BE5F4644A43321EF04754F280670CA2E5B6E8EE3CB49AA741
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2273746771.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd346a0000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: @eY4$HAY4$HAY4$HAY4$HAY4
                                                                                                                  • API String ID: 0-3335457978
                                                                                                                  • Opcode ID: d59294110ab7b694f2df60ecdff17aa8f3401470cf9598ede96e2a29aa5000af
                                                                                                                  • Instruction ID: cc0e2012bd6e92f3dc884ebc761d634efe3700ad2e77c881cd97df1beb50ed43
                                                                                                                  • Opcode Fuzzy Hash: d59294110ab7b694f2df60ecdff17aa8f3401470cf9598ede96e2a29aa5000af
                                                                                                                  • Instruction Fuzzy Hash: DB52A26071DA9A4FE78ADB2CC4A46A5B7E1EF56300B5801F9D44FCF293CD28AC52C741
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2273746771.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd346a0000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: HAY4$HAY4$HAY4$HAY4$`dY4
                                                                                                                  • API String ID: 0-1299947221
                                                                                                                  • Opcode ID: aacdb271bb003b4842e95a81765811bdf89720f25cf167c92513e75a06545595
                                                                                                                  • Instruction ID: 2f38c20b74a1674414858ff685b660f4e8364360d5d9576b0fd6ef846545e6c1
                                                                                                                  • Opcode Fuzzy Hash: aacdb271bb003b4842e95a81765811bdf89720f25cf167c92513e75a06545595
                                                                                                                  • Instruction Fuzzy Hash: E9420170B0DF454FE799DB2884A56F5B7E1EF96310F1401BAD58EC7293DE28E8428382
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2275263949.00007FFD348F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD348F0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd348f0000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: (_^$d._H
                                                                                                                  • API String ID: 0-1298079049
                                                                                                                  • Opcode ID: aaf367637969b74311597b601f4264450d2ac9b803530c0036f37c06dd6afbd8
                                                                                                                  • Instruction ID: 7332653592eceaa81786ca051007fa615fce84dc05cb2e009c602e259395b8de
                                                                                                                  • Opcode Fuzzy Hash: aaf367637969b74311597b601f4264450d2ac9b803530c0036f37c06dd6afbd8
                                                                                                                  • Instruction Fuzzy Hash: AAE1B217A0D7D25FE312A7B8A4B60EA3B94DF8332A71801B7D1CDCB493ED1D68469391
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2273746771.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd346a0000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: `]Y4
                                                                                                                  • API String ID: 0-885753684
                                                                                                                  • Opcode ID: 5e83554cd384fbe6103409b1bf7976a57b17a904a2fdd659f2a741cc86d1b0df
                                                                                                                  • Instruction ID: 5846470b5911607eeed92bbfa1b2549b9146e33a93c71c6dd112478ebb126cce
                                                                                                                  • Opcode Fuzzy Hash: 5e83554cd384fbe6103409b1bf7976a57b17a904a2fdd659f2a741cc86d1b0df
                                                                                                                  • Instruction Fuzzy Hash: 6312936070EE8A8FE799DF28C0A06A57BE1FF5A340F5441BAD54DCB283CE39A845D741
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2274119466.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd34760000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: cs4
                                                                                                                  • API String ID: 0-1147710095
                                                                                                                  • Opcode ID: 4e4517ab916b7ce865a3e6d94bb26c5c83b870a782ee9dd25c839f56b300f75f
                                                                                                                  • Instruction ID: 2a56ff10d96a7f3338a968f34173c92fabbf31c38b18f0309c2d8d563274259a
                                                                                                                  • Opcode Fuzzy Hash: 4e4517ab916b7ce865a3e6d94bb26c5c83b870a782ee9dd25c839f56b300f75f
                                                                                                                  • Instruction Fuzzy Hash: A7C14F50B0DACA9FE79ADB3C81606257BE2AF47250B1400FAC14ECB6D3CE1D6C45D782
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2273746771.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd346a0000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: `]Y4
                                                                                                                  • API String ID: 0-885753684
                                                                                                                  • Opcode ID: d59d4ea96f0f0e92d06912a8e2a60d864c20dd8fa0bcceb5ed8eb34ea5472651
                                                                                                                  • Instruction ID: 0f9182eedbc1fdc946b89a2035589ae21f25af6128cd9512dba68caf2dc97108
                                                                                                                  • Opcode Fuzzy Hash: d59d4ea96f0f0e92d06912a8e2a60d864c20dd8fa0bcceb5ed8eb34ea5472651
                                                                                                                  • Instruction Fuzzy Hash: BF51A31070EBC98FE75A9B6C9461696BBE5EF5A340B5401BBE04DCF7D3CC58AC058316
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2273746771.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd346a0000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: HAY4$HAY4
                                                                                                                  • API String ID: 0-514232916
                                                                                                                  • Opcode ID: 37e50c45cfb4d9d18adad578f028b33f96b3a532a10149116c269b220191c463
                                                                                                                  • Instruction ID: 49f836b6d9390070c79387cbb39f95f797c14ec99e9f689c9a6e2c746a2c7f9c
                                                                                                                  • Opcode Fuzzy Hash: 37e50c45cfb4d9d18adad578f028b33f96b3a532a10149116c269b220191c463
                                                                                                                  • Instruction Fuzzy Hash: 0A31CF52B0EE9A0FEB969A3848B52E17BE1EF57211B0901F7D149CB193ED0C9C469342
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2273746771.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd346a0000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 59f73a55182ee14ee506e8194c9dbebee5d91f2fae2b2bda03f79f9f8bf2edc8
                                                                                                                  • Instruction ID: a8f10a73d89f0f253c177f832b91cf78ab59eb1c6955e87ab09d7db32019bc21
                                                                                                                  • Opcode Fuzzy Hash: 59f73a55182ee14ee506e8194c9dbebee5d91f2fae2b2bda03f79f9f8bf2edc8
                                                                                                                  • Instruction Fuzzy Hash: FB51E460A0FAD65FD34B9B3888A94A07FA0EF4731075942FEC599CF1A3D91D684AC352
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2273746771.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd346a0000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: b97dc5e3d9d33354689e1dda9712d2a2fe193ccdd21a0bd646beba610fbde90d
                                                                                                                  • Instruction ID: 1868d964e66c164609408d2c42d68e647ab913110328e74051f4f60acb5be524
                                                                                                                  • Opcode Fuzzy Hash: b97dc5e3d9d33354689e1dda9712d2a2fe193ccdd21a0bd646beba610fbde90d
                                                                                                                  • Instruction Fuzzy Hash: E8311B30715D198FEB98FB6C84A9A6877E1EF5930274500B5E50ECB2A3DE68EC418751
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2273746771.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd346a0000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 1cf680f8f5782a6dabdb5ea3445a6703af6ef1cb3251e562bd8b1b821fa90cd4
                                                                                                                  • Instruction ID: 7fb1e10029705ed6350c94953f8994f9398603c02dbfe1fca4a28b90e12477bf
                                                                                                                  • Opcode Fuzzy Hash: 1cf680f8f5782a6dabdb5ea3445a6703af6ef1cb3251e562bd8b1b821fa90cd4
                                                                                                                  • Instruction Fuzzy Hash: 77112552B0EBCA0FE3CA9B3C54B12A03BE1EF56260B4900E7D449DF293E8186C45C392
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2273746771.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd346a0000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e39ab0fbd77a1a0c0bdb309189b3cb65832678be597954adff1dfc5d4b24fc4f
                                                                                                                  • Instruction ID: d497ce3dca64e35ef2656df175468ec6d9794987fdeb4393b70d482df1f0cd82
                                                                                                                  • Opcode Fuzzy Hash: e39ab0fbd77a1a0c0bdb309189b3cb65832678be597954adff1dfc5d4b24fc4f
                                                                                                                  • Instruction Fuzzy Hash: 9CF0625090FFE64EEBC2BE3458A10957FE0DF47120B0904FBD588CA1A3D45C99858357
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2273746771.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd346a0000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 78ddfe0df60aff00562fa502edf4c63923100105f26deee535b49df5d2d1fec8
                                                                                                                  • Instruction ID: 3653c3d816920e5641f8685c5dc8f31fd1183285dd05257d800a92b9b5014be6
                                                                                                                  • Opcode Fuzzy Hash: 78ddfe0df60aff00562fa502edf4c63923100105f26deee535b49df5d2d1fec8
                                                                                                                  • Instruction Fuzzy Hash: 6FF0EC41B0FE8A0FE393A77C18B21E82F928F8612074800F3E58DCF183DC4C680A8252
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2273746771.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd346a0000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 3b2f882230508c81e28b6fc82928c0708dd71048c98a776cb44ad2f76a968957
                                                                                                                  • Instruction ID: 24b50108cb66fd9018f8e330f46086dc6a8ad4285aa032692ab7b86f0bd2dcb5
                                                                                                                  • Opcode Fuzzy Hash: 3b2f882230508c81e28b6fc82928c0708dd71048c98a776cb44ad2f76a968957
                                                                                                                  • Instruction Fuzzy Hash: 47F08291A0FAC60FE786EF7884A65947FD19F5725070904FAC589CF193D81D28499305
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2274119466.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd34760000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: @_^$@_^$@_^$@_^$@_^
                                                                                                                  • API String ID: 0-3881977264
                                                                                                                  • Opcode ID: 6b86e71360317c6f74f1811c92ecf046141750d6b13c4871685a115360025835
                                                                                                                  • Instruction ID: 9063217444f6190eae949a6a12111851d962b77fa08d64485a69d45bbe2a095c
                                                                                                                  • Opcode Fuzzy Hash: 6b86e71360317c6f74f1811c92ecf046141750d6b13c4871685a115360025835
                                                                                                                  • Instruction Fuzzy Hash: D8512BB390D6829FE3115F7CAC551E97B95EB52338B0902F6C5E98B0E7EA1CB4098781
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2274119466.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd34760000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: @_^S$@_^W$@_^c$@_^k$@_^o
                                                                                                                  • API String ID: 0-2610165837
                                                                                                                  • Opcode ID: fada8e55b700b43fb56d18f180113cfe82467187ad05ed2db2aa204e08d8432d
                                                                                                                  • Instruction ID: 7490b54f6954e4d270c6fedc426485eb62f307177479a9733d9ba9d307b7f053
                                                                                                                  • Opcode Fuzzy Hash: fada8e55b700b43fb56d18f180113cfe82467187ad05ed2db2aa204e08d8432d
                                                                                                                  • Instruction Fuzzy Hash: D0411DD2A0E1C29BF3624AB8682516A7F95AF53334B1902F7C5DD8B0E7D91CA8059391
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2275263949.00007FFD348F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD348F0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd348f0000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: C(_^$E(_I
                                                                                                                  • API String ID: 0-1416244330
                                                                                                                  • Opcode ID: d95fe47646dd4c0acf472d3d9e30ca98c0b4018a1b513c81da4f29c7e5e8763b
                                                                                                                  • Instruction ID: 587d5b94dad80344a903f4cc35239ade29051e566cccdfc6617995e6d6239c0a
                                                                                                                  • Opcode Fuzzy Hash: d95fe47646dd4c0acf472d3d9e30ca98c0b4018a1b513c81da4f29c7e5e8763b
                                                                                                                  • Instruction Fuzzy Hash: 5781B653B0E5D14FD711ABA8B4A50E93B50EF8362971842BBD1CC9B4D7ED18E889D384
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2274119466.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd34760000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: rs4$0rs4$@rs4$DA_I$EA_I$Prs4$Xss4$`rs4$hss4$xss4$qs4$ss4
                                                                                                                  • API String ID: 0-544154109
                                                                                                                  • Opcode ID: 485b14d502142a0973aeb4cbc47fc6311fed8531e0688b26334faa763972a802
                                                                                                                  • Instruction ID: 40d6cf67587a47d33da79f3cc0fd6bffe4a786c40fb726ef8b8ae726a808ce19
                                                                                                                  • Opcode Fuzzy Hash: 485b14d502142a0973aeb4cbc47fc6311fed8531e0688b26334faa763972a802
                                                                                                                  • Instruction Fuzzy Hash: 5B71E593A0F6C14FE765C55D68A60F93B91EF8323871841BBE1C99A1DBA90CB80A56C4
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2274119466.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd34760000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: rs4$0rs4$@rs4$DA_I$EA_I$Prs4$Xss4$`rs4$hss4$xss4$qs4$ss4
                                                                                                                  • API String ID: 0-544154109
                                                                                                                  • Opcode ID: cd835879d56f895924fd691328c95fe85e752a2cbbabcb6bb92668ec6044df16
                                                                                                                  • Instruction ID: 4238586597620f3b6dabff076319439b75e7a6b244c8d6910c84bb3c239fe6f3
                                                                                                                  • Opcode Fuzzy Hash: cd835879d56f895924fd691328c95fe85e752a2cbbabcb6bb92668ec6044df16
                                                                                                                  • Instruction Fuzzy Hash: 3D6119D3A0F6C14FE765C55C68A60F93B91EF8333871841BBE1C89A1DBA90CF80A56C4
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2274119466.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd34760000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: rs4$0rs4$@rs4$DA_I$EA_I$Prs4$Xss4$`rs4$hss4$xss4$qs4$ss4
                                                                                                                  • API String ID: 0-544154109
                                                                                                                  • Opcode ID: db4022bcc5bef275e90bb7a7115a5e95f604b8ebb4e29a35f8b1af727c6d0ce2
                                                                                                                  • Instruction ID: 90a4b2834262df329c3ddf0ce08e36abf423fbf7430bdd30c5896b08d3bff494
                                                                                                                  • Opcode Fuzzy Hash: db4022bcc5bef275e90bb7a7115a5e95f604b8ebb4e29a35f8b1af727c6d0ce2
                                                                                                                  • Instruction Fuzzy Hash: 7561F8D3A0F6C14FE365C55D68A60F93B91EF9323871841BBE1C89A1DF690CF80A56C4
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001F.00000002.2274119466.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_31_2_7ffd34760000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: (xs4$0^s4$CA_I$Hxs4$hws4$ws4
                                                                                                                  • API String ID: 0-2489173300
                                                                                                                  • Opcode ID: 0dced171a56062966cbd45ed165584b8e85e41c8bf64f5dbfbb50bf813d0d887
                                                                                                                  • Instruction ID: 853a5851cd49c0eaff7a89661172e5ea616dcabef3ebdc7ef3b95beaffda37fd
                                                                                                                  • Opcode Fuzzy Hash: 0dced171a56062966cbd45ed165584b8e85e41c8bf64f5dbfbb50bf813d0d887
                                                                                                                  • Instruction Fuzzy Hash: C051D5A2A0E7C18FE375C61854A51AA7BE1EF57224F1841BFD4CEC7197D918B80683C2
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000021.00000002.2292612271.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_33_2_7ffd34670000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: @eV4$HAV4$HAV4$HAV4$HAV4
                                                                                                                  • API String ID: 0-3751007352
                                                                                                                  • Opcode ID: 3f985d3c66fc2160ed3b1267d10e05d5e408b85723762acac8037adb84ffea6e
                                                                                                                  • Instruction ID: 663035515fa861793d89096a1e12d094a4ac6227dfb8afab30d9fa4fc0fc7972
                                                                                                                  • Opcode Fuzzy Hash: 3f985d3c66fc2160ed3b1267d10e05d5e408b85723762acac8037adb84ffea6e
                                                                                                                  • Instruction Fuzzy Hash: 1362E32071CA8A4FEB99DB2C84E16B57BE1EF5B34471841F9D18ECB297CD28EC429741
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000021.00000002.2292612271.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_33_2_7ffd34670000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: HAV4$HAV4$HAV4$HAV4$`dV4
                                                                                                                  • API String ID: 0-1411859991
                                                                                                                  • Opcode ID: 46a9074a15484c22e2c4fb55361cbeb6e1f107aa227111df8220fd2da5f7ed31
                                                                                                                  • Instruction ID: b5ecd034439eff06cac61089e9e2d80d0afa4e43dccd41c51febafc7d6240431
                                                                                                                  • Opcode Fuzzy Hash: 46a9074a15484c22e2c4fb55361cbeb6e1f107aa227111df8220fd2da5f7ed31
                                                                                                                  • Instruction Fuzzy Hash: 5C421330B0CA454FE769DB2888A15F5BBE1EF96350F1445BED18EC7297DD28E8428781
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000021.00000002.2292612271.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_33_2_7ffd34670000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: HAV4$HAV4
                                                                                                                  • API String ID: 0-1870069362
                                                                                                                  • Opcode ID: 2ceb5c15037c98c1452ab822f4fdf1eb2b6dbb8989837a6ef1551a7c2d72ba69
                                                                                                                  • Instruction ID: c2db94ab586ccf12a0671554d73d61755d71c4afe1d5152ee2fc1de7151c01a0
                                                                                                                  • Opcode Fuzzy Hash: 2ceb5c15037c98c1452ab822f4fdf1eb2b6dbb8989837a6ef1551a7c2d72ba69
                                                                                                                  • Instruction Fuzzy Hash: 7231DF12B0DA9A0FE7A2977C58B62E17FE1EF5B211B0941F7C149CB293ED0C9C469352
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000021.00000002.2292612271.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_33_2_7ffd34670000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: `]V4
                                                                                                                  • API String ID: 0-3008600987
                                                                                                                  • Opcode ID: 324bca2a8c98a16e28d61449fcedeac0e8e2b3579b4ea0a377b1e3ce8e54e514
                                                                                                                  • Instruction ID: 41909e0ccefb49a5ea56ced41da34868218f35591940fe5f9a77e819aa513035
                                                                                                                  • Opcode Fuzzy Hash: 324bca2a8c98a16e28d61449fcedeac0e8e2b3579b4ea0a377b1e3ce8e54e514
                                                                                                                  • Instruction Fuzzy Hash: A412912070CA498FE799DF2884A06E57FE1EF4B344F5482B9D18DC7287CE29F8469721
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000021.00000002.2292937954.00007FFD34730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34730000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_33_2_7ffd34730000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: cp4
                                                                                                                  • API String ID: 0-1866856780
                                                                                                                  • Opcode ID: f93025e19a268ebc94305da24624f2c62dc53ce71ad564c4591c3583909d91eb
                                                                                                                  • Instruction ID: 73d81852292b44f1096e5ecfa7dea9fddcba0d0e916334c43d98c7e69ed915f8
                                                                                                                  • Opcode Fuzzy Hash: f93025e19a268ebc94305da24624f2c62dc53ce71ad564c4591c3583909d91eb
                                                                                                                  • Instruction Fuzzy Hash: B1C12050B0C9898FEB9ADB2880B46B47BE1AF4B344B2401E9D2CDDB1DBCD1DBC419791
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000021.00000002.2292612271.00007FFD34670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34670000, based on PE: false
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000021.00000002.2292937954.00007FFD34730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34730000, based on PE: false
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000023.00000002.2312990543.00007FFD34680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34680000, based on PE: false
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000023.00000002.2312990543.00007FFD34680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34680000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_35_2_7ffd34680000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: H7?$P7?
                                                                                                                  • API String ID: 0-1158684014
                                                                                                                  • Opcode ID: 07e71a1d7b524c6981f45f6958700a2495664c4120249ac2c6d8dfeb8bb14247
                                                                                                                  • Instruction ID: ee0202eca42fe0674fad5b5abe940e50e94fde47e8bfb8b5639ef085df5c8c9f
                                                                                                                  • Opcode Fuzzy Hash: 07e71a1d7b524c6981f45f6958700a2495664c4120249ac2c6d8dfeb8bb14247
                                                                                                                  • Instruction Fuzzy Hash: 46511560A0E79A4FD35B9B3888A94E07FA0EF4731075942FED499CF1A3D91D684BC352
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000023.00000002.2312990543.00007FFD34680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34680000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_35_2_7ffd34680000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: H7?$P7?
                                                                                                                  • API String ID: 0-1158684014
                                                                                                                  • Opcode ID: 329e8a93cd58346e27c2bf1265c258eeee436406d0cf0d55a0c263c1d97be39a
                                                                                                                  • Instruction ID: b1024f2c0a5ccb45f998017c105ffead27e86cf6183af5ab87de2bae1ce22bd1
                                                                                                                  • Opcode Fuzzy Hash: 329e8a93cd58346e27c2bf1265c258eeee436406d0cf0d55a0c263c1d97be39a
                                                                                                                  • Instruction Fuzzy Hash: AAF082A1A0FB8A4FE796EA7844A55D47BC2AF5725074504FAD449CF1A3F81E1C498311
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000023.00000002.2313385162.00007FFD34740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34740000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_35_2_7ffd34740000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: cq4
                                                                                                                  • API String ID: 0-1985923085
                                                                                                                  • Opcode ID: 180c96ba7876bc48cc6ce22e0f4119029ebdd0ccb7e1e3a2928e9a2bc196b988
                                                                                                                  • Instruction ID: a3d277dbc1afba7b33bf25c65e15411c91a64ffa832be09994866ce68fd72c38
                                                                                                                  • Opcode Fuzzy Hash: 180c96ba7876bc48cc6ce22e0f4119029ebdd0ccb7e1e3a2928e9a2bc196b988
                                                                                                                  • Instruction Fuzzy Hash: E8C177A0B0CA8A8FE799DB2C80B077437D2EF5B344B5500BAE54ECB3D2DD196C459791
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000023.00000002.2312990543.00007FFD34680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34680000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_35_2_7ffd34680000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: `]W4
                                                                                                                  • API String ID: 0-2856889050
                                                                                                                  • Opcode ID: 3440eabfff1fbb07bd18c3ac23e057bb68b440deb57c5f12630c83d4046d7a36
                                                                                                                  • Instruction ID: 03de39ad4926d50440ed7d12f1053e72919804be1316f8e06d31eb6b5e532aa5
                                                                                                                  • Opcode Fuzzy Hash: 3440eabfff1fbb07bd18c3ac23e057bb68b440deb57c5f12630c83d4046d7a36
                                                                                                                  • Instruction Fuzzy Hash: FB51C160B0CB498FE759AB6C94A069AB7D1FF5A344B9502BBF04DCB3D3DC19AC068311
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000023.00000002.2312990543.00007FFD34680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34680000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_35_2_7ffd34680000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: Z?
                                                                                                                  • API String ID: 0-1237121376
                                                                                                                  • Opcode ID: f0cbb590b51712dd84d15d3cbec67a79fe7e89a6f90a863eee9ef2524dde3b03
                                                                                                                  • Instruction ID: 800dbfb2660a37b0a3776c7cd6299d89e26a0865ea9aaf3260e0c96fbc18a88c
                                                                                                                  • Opcode Fuzzy Hash: f0cbb590b51712dd84d15d3cbec67a79fe7e89a6f90a863eee9ef2524dde3b03
                                                                                                                  • Instruction Fuzzy Hash: 7DF0F91090DBA50FEB92BB7858A10E57FD08F47110F0A08FBE48CD70A3E41C98858352
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000023.00000002.2312990543.00007FFD34680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34680000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_35_2_7ffd34680000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: Z?
                                                                                                                  • API String ID: 0-1237121376
                                                                                                                  • Opcode ID: 221bda81c7fbf4746173950be94b2b423063e8bcbb08d9d3dd61324d873fad16
                                                                                                                  • Instruction ID: a247de4b556f1868f9785c8f81c6eb0e8796acb042a757f4c0b02c2093bf2b5f
                                                                                                                  • Opcode Fuzzy Hash: 221bda81c7fbf4746173950be94b2b423063e8bcbb08d9d3dd61324d873fad16
                                                                                                                  • Instruction Fuzzy Hash: 61F02042F0EA9A0FE3A2A76C18B21E82BC29F8A11074900F3E54CCB1C3EC4D6D068252
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000023.00000002.2312990543.00007FFD34680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34680000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_35_2_7ffd34680000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d1d13bd5d5cdd5241b0540cd6cad6b1dffbf12c67d10d31c3bb05d1caa9e901c
                                                                                                                  • Instruction ID: 9ff1ecc309019c3576f68f4dbd35168b835eda510769729a58f7eb25cca35072
                                                                                                                  • Opcode Fuzzy Hash: d1d13bd5d5cdd5241b0540cd6cad6b1dffbf12c67d10d31c3bb05d1caa9e901c
                                                                                                                  • Instruction Fuzzy Hash: 00310C31715D198FEBD8FB6CC4A9A6837E1FF5930274500B5E40ECB2A2EE69EC418741
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000023.00000002.2313385162.00007FFD34740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34740000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_35_2_7ffd34740000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: C_I$ b~4$ }~4$ ~~4$(d~4$0b~4$0}~4$8d~4$@b~4$@}~4$Hd~4$Pb~4$P}~4$Xd~4$`b~4$`}~4$hd~4$p\~4$pb~4$p|~4$p}~4$b~4$|~4$}~4
                                                                                                                  • API String ID: 0-1445040728
                                                                                                                  • Opcode ID: b28ad249a8e55014136185be20c2c7613d651b232bf0aa8ad4664ae3f6cd09a1
                                                                                                                  • Instruction ID: 863b7be008c2853ae28a9a84d0f03a7dfa411abd490897e844e5a4b14f564c13
                                                                                                                  • Opcode Fuzzy Hash: b28ad249a8e55014136185be20c2c7613d651b232bf0aa8ad4664ae3f6cd09a1
                                                                                                                  • Instruction Fuzzy Hash: 9EE1B3C3B0F5C14FF765456D6CA00397E90EB9366471803FBE1E88A3EB9818E94A93D1
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000023.00000002.2313385162.00007FFD34740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34740000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_35_2_7ffd34740000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: 0^q4$CC_I$DC_I$EC_I$?~4
                                                                                                                  • API String ID: 0-4008473141
                                                                                                                  • Opcode ID: f374cc404479481692add08f258de2686fa88ca6c40315294c40ab1fa3dfa08f
                                                                                                                  • Instruction ID: a7b7e631047578d6bfc54f78d4768472ec72d0b625295530d5d4a5dc55c4dbf6
                                                                                                                  • Opcode Fuzzy Hash: f374cc404479481692add08f258de2686fa88ca6c40315294c40ab1fa3dfa08f
                                                                                                                  • Instruction Fuzzy Hash: 56D1E5D3A0FAC18FE765495C28A51797B90EF93254B0802BFD1D89B2DBD818FD4A53C1
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000023.00000002.2313385162.00007FFD34740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34740000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_35_2_7ffd34740000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: 0^q4$CC_I$DC_I$EC_I$?~4
                                                                                                                  • API String ID: 0-4008473141
                                                                                                                  • Opcode ID: 28434293cb9bb42c32516cc22b1e21b81c92bbd561206f99854982c1622b27ec
                                                                                                                  • Instruction ID: 763e0aa68c836842faa82552d6637f37eaf442e2b548d6dd25fc11f3c8b34d30
                                                                                                                  • Opcode Fuzzy Hash: 28434293cb9bb42c32516cc22b1e21b81c92bbd561206f99854982c1622b27ec
                                                                                                                  • Instruction Fuzzy Hash: ADD1E593A0FAC18FE7654A5C28A51797B90EFD3254B0842BFD1D89B2DBD818FD4A43C1
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000023.00000002.2313385162.00007FFD34740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34740000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_35_2_7ffd34740000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: 0^q4$CC_I$DC_I$EC_I$?~4
                                                                                                                  • API String ID: 0-4008473141
                                                                                                                  • Opcode ID: 35659b21f4eb23eb9bb2d4390e811940b1a601199ea17855b00f95ed53411eab
                                                                                                                  • Instruction ID: 1eabeba1e9dafc8d4a70b5df89264eab38420871ba9289dc115b7eb5e18ddce6
                                                                                                                  • Opcode Fuzzy Hash: 35659b21f4eb23eb9bb2d4390e811940b1a601199ea17855b00f95ed53411eab
                                                                                                                  • Instruction Fuzzy Hash: 4EC1D4D3A0FAC08FE765495C28A51797B90EFD3254B1842BFD1D89B2DBD818FD4A8381
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000023.00000002.2312990543.00007FFD34680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34680000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_35_2_7ffd34680000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: 87?$HAW4$HAW4$HAW4
                                                                                                                  • API String ID: 0-2841638137
                                                                                                                  • Opcode ID: 5cd41725997c1d50d6e6b2b6a47df99a54fde0b285726b1e1998c2cc70ea3e17
                                                                                                                  • Instruction ID: f21dd376d137d0d4cbfeb169643df52579f43687c6fb672ca261c874c3da9569
                                                                                                                  • Opcode Fuzzy Hash: 5cd41725997c1d50d6e6b2b6a47df99a54fde0b285726b1e1998c2cc70ea3e17
                                                                                                                  • Instruction Fuzzy Hash: FB812A21B18F4A4FE3A5EB6884A56F677E2FF56244B44057AD08FD7293DD2CAC038351
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000025.00000002.2326677814.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd34760000_RegAsm.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: @_^
                                                                                                                  • API String ID: 0-3929387486
                                                                                                                  • Opcode ID: 8de667d3de0ed6d6130d9c603117c1d67181be9601853eae69b90787d94719a4
                                                                                                                  • Instruction ID: b6420b559b6cc57331e813adb609382e39077b955ca40c45f787a0d8d3b3549e
                                                                                                                  • Opcode Fuzzy Hash: 8de667d3de0ed6d6130d9c603117c1d67181be9601853eae69b90787d94719a4
                                                                                                                  • Instruction Fuzzy Hash: 79B17217B0D1964AE321B6FCB46A1EE3B94DF8633A70841B7D1CDDA4E3DC0C644A9395
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000025.00000002.2326484095.00007FFD346A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346A0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd346a0000_RegAsm.jbxd
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000025.00000002.2326677814.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_37_2_7ffd34760000_RegAsm.jbxd
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000027.00000002.2333808676.00007FFD34760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34760000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_39_2_7ffd34760000_RegAsm.jbxd