Windows Analysis Report
3.19.1+SetupWIService.exe

Overview

General Information

Sample name: 3.19.1+SetupWIService.exe
Analysis ID: 1590155
MD5: a7046c3136192e6e7b5180728b3b3b49
SHA1: 80c172f4b988b75b9078ecfe6a40d92f353b6c73
SHA256: aedddd8ca924f5ff05651559d4b13895085af42b90ef304f9ea1d8d641a8fb21
Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 35
Range: 0 - 100

Signatures

Modifies the hosts file
Modifies the windows firewall
Sets file extension default program settings to executables
Tries to delay execution (extensive OutputDebugStringW loop)
Uses netsh to modify the Windows network and firewall settings
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Explorer Process Tree Break
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • 3.19.1+SetupWIService.exe (PID: 8088 cmdline: "C:\Users\user\Desktop\3.19.1+SetupWIService.exe" MD5: A7046C3136192E6E7B5180728B3B3B49)
    • cmd.exe (PID: 8160 cmdline: cmd /C taskkill /F /IM WIService.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 8168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7208 cmdline: taskkill /F /IM WIService.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 7300 cmdline: cmd /C taskkill /F /IM WIui.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7440 cmdline: taskkill /F /IM WIui.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 7544 cmdline: cmd /C taskkill /F /IM wirtpproxy.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7688 cmdline: taskkill /F /IM wirtpproxy.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 7856 cmdline: cmd /C taskkill /F /IM wiservice-ui.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5908 cmdline: taskkill /F /IM wiservice-ui.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 5756 cmdline: cmd /C taskkill /F /IM vncsrv.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7068 cmdline: taskkill /F /IM vncsrv.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 3300 cmdline: cmd /C taskkill /F /IM WildixOutlookIntegration.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 2108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 1016 cmdline: taskkill /F /IM WildixOutlookIntegration.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 5940 cmdline: cmd /C taskkill /F /IM WildixOutlookSync32.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7940 cmdline: taskkill /F /IM WildixOutlookSync32.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 8180 cmdline: cmd /C taskkill /F /IM WildixOutlookSync64.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 8172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 2104 cmdline: taskkill /F /IM WildixOutlookSync64.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • wiservice.exe (PID: 7372 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter MD5: D62710F3678538E483FFC7EA112D7F68)
    • dllhost.exe (PID: 7544 cmdline: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} MD5: 08EB78E5BE019DF044C26B14703BD1FA)
    • SIHClient.exe (PID: 5756 cmdline: C:\Windows\System32\sihclient.exe /cv f9TvbHSqhkOudq3dEifD3w.0.2 MD5: 8BE47315BF30475EEECE8E39599E9273)
    • RegAsm.exe (PID: 6012 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 6116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 1528 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 3208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 2068 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 2288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 2796 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 3136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 4460 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 4672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 4124 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 4276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 2164 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 7440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 5908 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent MD5: A4EB36BAE72C5CB7392F2B85609D4A7E)
      • conhost.exe (PID: 5568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 5920 cmdline: cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 3520 cmdline: schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 5824 cmdline: cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6204 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • netsh.exe (PID: 5624 cmdline: netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
    • cmd.exe (PID: 1452 cmdline: cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • netsh.exe (PID: 1308 cmdline: netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
    • wiservice.exe (PID: 5516 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex MD5: D62710F3678538E483FFC7EA112D7F68)
    • wiservice.exe (PID: 7940 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc MD5: D62710F3678538E483FFC7EA112D7F68)
    • explorer.exe (PID: 4196 cmdline: "C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk" MD5: 662F4F92FDE3557E86D110526BB578D5)
    • wiservice.exe (PID: 1068 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --storeMachineId MD5: D62710F3678538E483FFC7EA112D7F68)
    • explorer.exe (PID: 3976 cmdline: "C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\wiservice.exe" MD5: 662F4F92FDE3557E86D110526BB578D5)
    • cmd.exe (PID: 6368 cmdline: cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • spoolsv.exe (PID: 7712 cmdline: C:\Windows\System32\spoolsv.exe MD5: 0D4B1E3E4488E9BDC035F23E1F4FE22F)
  • spoolsv.exe (PID: 1860 cmdline: C:\Windows\System32\spoolsv.exe MD5: 0D4B1E3E4488E9BDC035F23E1F4FE22F)
  • wiservice.exe (PID: 5472 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --update MD5: D62710F3678538E483FFC7EA112D7F68)
  • wiservice.exe (PID: 3888 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc MD5: D62710F3678538E483FFC7EA112D7F68)
    • wiservice.exe (PID: 392 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog MD5: D62710F3678538E483FFC7EA112D7F68)
    • wiservice.exe (PID: 2344 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher MD5: D62710F3678538E483FFC7EA112D7F68)
  • explorer.exe (PID: 5140 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: 662F4F92FDE3557E86D110526BB578D5)
    • wiservice.exe (PID: 1504 cmdline: "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex MD5: D62710F3678538E483FFC7EA112D7F68)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Program Files\Wildix\WIService\WIService.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\3.19.1+SetupWIService.exe, ProcessId: 8088, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WIService
Source: Process started; Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems), @gott_cyber: Data: Command: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, CommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 752, ProcessCommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, ProcessId: 5140, ProcessName: explorer.exe
Source: Registry Key set; Author: frack113: Data: Details: 3B 00 77 00 69 00 6C 00 64 00 69 00 78 00 69 00 6E 00 74 00 65 00 67 00 72 00 61 00 74 00 69 00 6F 00 6E 00 2E 00 65 00 75 00 3B 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files\Wildix\WIService\wiservice.exe, ProcessId: 5516, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
No Suricata rule has matched

Source: wiservice.exe, 0000001A.00000000.1443676360.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp; Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; EXE: cmd.exe

Compliance

Source: 3.19.1+SetupWIService.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\wildix.ico
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\wiservice.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\x-bees.ico
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\fax
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\fax\imgprint.gpd
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\fax\STDDTYPE.GDL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\fax\STDNAMES.GPD
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHEM.GDL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHMX.GDL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.HLP
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtBase0x5e2f.dfu
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtHeadset0x5e2f.dfu
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\resources
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\resources\cdr.db
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\Office.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\Serilog.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\UC.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\websocket-sharp.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\wildix-oi.ico
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll.manifest
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.vsto
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe.config
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\dotnet-dump.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\UninstallWIService.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Directory created: C:\Program Files\Wildix\WIService\proxyex.lnk
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIService
Source: 3.19.1+SetupWIService.exe; Static PE information: certificate valid
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; File opened: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: 3.19.1+SetupWIService.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\fax\wfaxport.pdb source: spoolsv.exe, 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\asn1\x_info.ccrypto\pem\pem_info.ccrypto\ocsp\ocsp_lib.c0 source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\fax\wfaxport.pdbv source: spoolsv.exe, 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: RegAsm.exe, 00000025.00000002.1964576425.0000026FA4EB2000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\wiservice.pdb: source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdbw{ source: RegAsm.exe, 0000002D.00000002.2289843086.000001EF61DD2000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\projects\serilog\src\Serilog\obj\Release\net46\Serilog.pdb source: RegAsm.exe, 00000029.00000002.2076330075.0000025194F12000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdb source: RegAsm.exe, 0000002D.00000002.2289843086.000001EF61DD2000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\wiservice.pdb source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\projects\serilog-sinks-console\src\Serilog.Sinks.Console\obj\Release\net45\Serilog.Sinks.Console.pdbP source: RegAsm.exe, 0000002B.00000002.2184853850.000001F6ABAD2000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256^Y source: RegAsm.exe, 00000025.00000002.1964576425.0000026FA4EB2000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\projects\serilog-sinks-console\src\Serilog.Sinks.Console\obj\Release\net45\Serilog.Sinks.Console.pdb source: RegAsm.exe, 0000002B.00000002.2184853850.000001F6ABAD2000.00000002.00000001.01000000.0000000D.sdmp
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Code function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe; Code function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Windows\System32\spoolsv.exe; Code function: 29_2_00007FF8275405D0 FindFirstFileW,FindClose,_invalid_parameter_noinfo_noreturn,29_2_00007FF8275405D0
Source: global traffic; HTTP traffic detected: GET /integrations/integrations.json HTTP/1.1; Host: files.wildix.com; Accept: */*
Source: global traffic; HTTP traffic detected: GET /integrations/applications.json HTTP/1.1; Host: files.wildix.com; Accept: */*
Source: global traffic; HTTP traffic detected: GET /integrations/x-beesNativeApp.json HTTP/1.1; Host: files.wildix.com; Accept: */*
Source: Joe Sandbox View; IP Address: 18.173.205.94
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; DNS traffic detected: DNS query: files.wildix.com
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://cevcsca2021.crl.certum.pl/cevcsca2021.crl0w
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://cevcsca2021.ocsp-certum.com07
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: SIHClient.exe, 0000001E.00000002.2196410104.000001C4BE282000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.microsoft.c
Source: SIHClient.exe, 0000001E.00000002.2196410104.000001C4BE282000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.microsoftm
Source: wiservice.exe, 00000041.00000003.3072488522.000002634BC9A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.3072123354.000002634BCB2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.3072123354.000002634BCA9000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000002.3224177129.000002634BC9A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.3166198374.000002634BC9A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2869884700.000002634BCAE000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2869613908.000002634BC9C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2869782680.000002634B296000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2666161000.000002634BC9B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2666928820.000002634BC89000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2667169713.000002634BC9C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2666928820.000002634BC91000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2869613908.000002634BCA4000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.3072123354.000002634BCBD000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000002.3225062994.0000016763144000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000003.2498905876.00000167625BD000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000002.3223128419.0000016762555000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000002.3225062994.000001676315F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000002.3225621733.00000167631A2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 
00000042.00000002.3225062994.0000016763135000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
Source: SIHClient.exe, 0000001E.00000003.1514122158.000001C4BD9B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
Source: SIHClient.exe, 0000001E.00000003.1517253735.000001C4BD9C2000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001E.00000003.1514122158.000001C4BD9C2000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001E.00000003.1517488774.000001C4BD966000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?de33218
Source: RegAsm.exe, 00000025.00000002.1964576425.0000026FA4EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
Source: wiservice.exe, 0000001A.00000000.1443676360.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000001A.00000002.1519787700.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000000.2416068218.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2416662839.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000002.2464938975.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3226296186.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000000.2461016528.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000002.3228151287.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://jimmac.musichall.cz
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, 3.19.1+SetupWIService.exe, 00000000.00000000.1349689874.000000000040A000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: wiservice.exe, 00000042.00000002.3223128419.0000016762555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com
Source: wiservice.exe, 00000041.00000003.3072401955.000002634B288000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.3072488522.000002634BC9A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.3072123354.000002634BCB2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.3072123354.000002634BCA9000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000002.3224177129.000002634BC9A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.3166198374.000002634BC9A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2869884700.000002634BCAE000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000002.3223447332.000002634B265000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.3065108809.000002634B292000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2869613908.000002634BC9C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2869782680.000002634B296000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2666161000.000002634BC9B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2666928820.000002634BC89000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2667169713.000002634BC9C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2666928820.000002634BC91000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2869613908.000002634BCA4000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.3072123354.000002634BCBD000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000002.3225062994.0000016763144000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000003.2498905876.00000167625BD000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 
00000042.00000002.3225062994.000001676315F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000002.3225621733.00000167631A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com09
Source: wiservice.exe, 00000042.00000002.3223128419.0000016762555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com?
Source: wiservice.exe, 00000042.00000002.3223128419.0000016762555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.comC
Source: wiservice.exe, 00000042.00000002.3223128419.0000016762555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.comP
Source: wiservice.exe, 00000042.00000002.3223128419.0000016762555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.comz
Source: 3.19.1+SetupWIService.exe, 00000000.00000003.2542125486.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 3.19.1+SetupWIService.exe, 00000000.00000002.2542859308.00000000006EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pbx.wildix.comDisplayIcon
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/cevcsca2021.cer0
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/ctsca2021.cer0A
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://subca.ocsp-certum.com01
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://subca.ocsp-certum.com02
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://subca.ocsp-certum.com05
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certum.pl/CPS0
Source: wiservice.exe, 0000001A.00000000.1443676360.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000001A.00000002.1519787700.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000000.2416068218.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2416662839.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000002.2464938975.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3226296186.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000000.2461016528.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000002.3228151287.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.gimp.orgg
Source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000001A.00000002.1516743052.000001CD4C44C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2431071874.000002460DA10000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2458516281.000001C34C63B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000002.2460222285.0000020E8F1AB000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3222948678.00000219ECABD000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3223447332.000002634B1E8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://backtrace.wildix.com/api/v1/IntegrationService/Trace/
Source: wiservice.exe, 0000003A.00000002.2431071874.000002460DA10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://backtrace.wildix.com/api/v1/IntegrationService/Trace/6$A
Source: wiservice.exe, 0000003B.00000003.2433644121.000001C34C6F5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2447888686.000001C34C6B7000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2433894698.000001C34C6BB000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2433786681.000001C34C6F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/wildix-collaboration/lobgohpoobpijgfegnlhdnppegdbomkn
Source: wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/wildix-collaboration/lobgohpoobpijgfegnlhdnppegdbomknw%
Source: wiservice.exe, 0000003B.00000003.2447888686.000001C34C6B7000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2433894698.000001C34C6BB000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000002.2458516281.000001C34C628000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000002.2458516281.000001C34C63B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/x-bees/olejekejjhgimnlliplaiodgmbpcflhi
Source: wiservice.exe, 0000003B.00000002.2458516281.000001C34C63B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/x-bees/olejekejjhgimnlliplaiodgmbpcflhicompleixin
Source: wiservice.exe, 0000001A.00000000.1443676360.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000001A.00000002.1519787700.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000000.2416068218.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2416662839.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000002.2464938975.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3226296186.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000000.2461016528.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000002.3228151287.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: wiservice.exe, 0000001A.00000000.1443676360.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000001A.00000002.1519787700.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000000.2416068218.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2416662839.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000002.2464938975.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3226296186.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000000.2461016528.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000002.3228151287.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: wiservice.exe, 0000001A.00000000.1443676360.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000001A.00000002.1519787700.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000000.2416068218.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2416662839.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000002.2464938975.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3226296186.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000000.2461016528.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000002.3228151287.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Analytics/wiservice
Source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Analytics/wiserviceevent=unknownEventevent=data&
Source: wiservice.exe, 0000003E.00000002.2460222285.0000020E8F1AB000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3222948678.00000219ECABD000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3223447332.000002634B1E8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/Wiservice
Source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/Wiserviceemailothersizestypemessagecontextfeedback.zipPr
Source: wiservice.exe, 00000041.00000002.3223447332.000002634B1E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feedback.wildix.com/api/v1/Feedback/Wiservicep5
Source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://files.wildix.com/integrations/
Source: wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/applications.json
Source: wiservice.exe, 0000003B.00000002.2458516281.000001C34C63B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000002.2460222285.0000020E8F1AB000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3222948678.00000219ECABD000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3223447332.000002634B1E8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://files.wildix.com/integrations/integrations.json
Source: wiservice.exe, 0000003E.00000002.2460222285.0000020E8F1AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/integrations.json0
Source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://files.wildix.com/integrations/integrations.jsonapplications.jsonx-beesNativeApp.jsonUpdaterS
Source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://files.wildix.com/integrations/integrations.jsonhttps://backtrace.wildix.com/api/v1/Integrati
Source: wiservice.exe, 0000003B.00000003.2447888686.000001C34C6B7000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2444597512.000001C34C6F2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/osx/collaboration/Collaboration.pkg
Source: wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/osx/collaboration/Collaboration.pkgervice.e
Source: wiservice.exe, 0000003B.00000003.2433644121.000001C34C6F5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2446081112.000001C34C6F6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2444597512.000001C34C6F6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2447888686.000001C34C6B7000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2433894698.000001C34C6BB000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2433894698.000001C34C6B8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2433786681.000001C34C6F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/osx/wiservice/WIService.pkg
Source: wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/win/collaboration/CollE7
Source: wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/win/collaboration/Collaboration-x64.exe
Source: wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/win/collaboration/Collaboration-x64.exe/
Source: wiservice.exe, 0000003B.00000003.2447888686.000001C34C6B7000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2433894698.000001C34C6BB000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/win/tapi/WildixTAPI.exe
Source: wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/win/tapi/WildixTAPI.exeowerS
Source: wiservice.exe, 0000003B.00000003.2433644121.000001C34C6F5000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2446081112.000001C34C6F6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2444597512.000001C34C6F6000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2447888686.000001C34C6B7000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2433894698.000001C34C6BB000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2433894698.000001C34C6B8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000003.2433786681.000001C34C6F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/win/wiservice/SetupWIService.exe
Source: wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/x-beesNativeApp.json
Source: wiservice.exe, 0000003B.00000002.2458516281.000001C34C63B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/x-beesNativeApp.jsonD
Source: wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/x-beesNativeApp.jsoncom
Source: wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/x-beesNativeApp.jsoncoms
Source: wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://files.wildix.com/integrations/x-beesNativeApp.jsoneW
Source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/16739
Source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://github.com/opencv/opencv/issues/16739cv::MatOp_AddEx::assign
Source: RegAsm.exe, 00000029.00000002.2076330075.0000025194F12000.00000002.00000001.01000000.0000000C.sdmp
String found in binary or memory: https://github.com/serilog/serilog/pull/819.
Source: wiservice.exe, 00000041.00000003.2666054188.000002634B28A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.3072488522.000002634BC9A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.3072123354.000002634BCB2000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.3072123354.000002634BCA9000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000002.3224177129.000002634BC9A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.3166198374.000002634BC9A000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2869884700.000002634BCAE000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2666192497.000002634B292000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2869613908.000002634BC9C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2869782680.000002634B296000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2666161000.000002634BC9B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2666928820.000002634BC89000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2667169713.000002634BC9C000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2666928820.000002634BC91000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.2869613908.000002634BCA4000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000003.3072123354.000002634BCBD000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000002.3225062994.0000016763144000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000003.2498905876.00000167625BD000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000002.3223128419.0000016762555000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 
00000042.00000002.3225062994.000001676315F000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000002.3225621733.00000167631A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
Source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://wildix.atlassian.net/wiki/x/HgfOAQ
Source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://wildix.atlassian.net/wiki/x/HgfOAQ&Send
Source: 3.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://www.certum.pl/CPS0
Source: RegAsm.exe, 00000025.00000002.1964576425.0000026FA4EB2000.00000002.00000001.01000000.0000000B.sdmp
String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: RegAsm.exe, 00000025.00000002.1964576425.0000026FA4EB2000.00000002.00000001.01000000.0000000B.sdmp
String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://www.wildix.com
Source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://www.wildix.com2015-2025
Source: unknown
Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown
Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown
Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown
Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown
Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown
Network traffic detected: HTTP traffic on port 443 -> 49988
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe
Code function: 0_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004056DE

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Program Files\Wildix\WIService\wiservice.exe
File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\spoolsv.exe
Code function: 29_2_00007FF82758DD20: DeviceIoControl,29_2_00007FF82758DD20
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe
Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Program Files\Wildix\WIService\wiservice.exe
File created: C:\Windows\system32\wfaxport.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\unidrv.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\imgprint.gpd
Source: C:\Program Files\Wildix\WIService\wiservice.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\unidrvui.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\unires.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\stdnames.gpd
Source: C:\Program Files\Wildix\WIService\wiservice.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\stddtype.gdl
Source: C:\Program Files\Wildix\WIService\wiservice.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\stdschem.gdl
Source: C:\Program Files\Wildix\WIService\wiservice.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\stdschmx.gdl
Source: C:\Windows\System32\spoolsv.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\3\Old
Source: C:\Windows\System32\spoolsv.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\3\New
Source: C:\Windows\System32\spoolsv.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\3\New\unidrv.dll
Source: C:\Windows\System32\spoolsv.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\3\New\unidrvui.dll
Source: C:\Windows\System32\spoolsv.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\3\New\imgprint.gpd
Source: C:\Windows\System32\spoolsv.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\3\New\unires.dll
Source: C:\Windows\System32\spoolsv.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\3\New\stdnames.gpd
Source: C:\Windows\System32\spoolsv.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\3\New\stddtype.gdl
Source: C:\Windows\System32\spoolsv.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\3\New\stdschem.gdl
Source: C:\Windows\System32\spoolsv.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\3\New\stdschmx.gdl
Source: C:\Windows\System32\spoolsv.exe
File created: C:\Windows\system32\spool\drivers\x64\3\Old
Source: C:\Windows\System32\spoolsv.exe
File created: C:\Windows\system32\spool\drivers\x64\3\Old\1
Source: C:\Windows\System32\spoolsv.exe
File created: C:\Windows\system32\spool\DRIVERS\x64\3\imgprint.BUD
Source: C:\Windows\System32\SIHClient.exe
File created: C:\Windows\SoftwareDistribution\SLS\522D76A4-93E1-47F8-B8CE-07C937AD1A1E\TMP40AA.tmp
Source: C:\Windows\System32\SIHClient.exe
File created: C:\Windows\SoftwareDistribution\SLS\E7A50285-D08D-499D-9FF8-180FDC2332BC\TMPD3D3.tmp
Source: C:\Windows\System32\spoolsv.exe
File deleted: C:\Windows\System32\spool\drivers\x64\3\Old
Source: C:\Windows\System32\spoolsv.exe
Code function: String function: 00007FF8275679B0 appears 64 times
Source: UNIRES.DLL.0.dr
Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: UNIRES.DLL.0.dr
Static PE information: Resource name: None type: COM executable for DOS
Source: unires.dll.26.dr
Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unires.dll.26.dr
Static PE information: Resource name: None type: COM executable for DOS
Source: unires.dll.29.dr
Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unires.dll.29.dr
Static PE information: Resource name: None type: COM executable for DOS
Source: UC.dll.0.dr
Static PE information: No import functions for PE file found
Source: unires.dll.26.dr
Static PE information: No import functions for PE file found
Source: UNIRES.DLL.0.dr
Static PE information: No import functions for PE file found
Source: unires.dll.29.dr
Static PE information: No import functions for PE file found
Source: 3.19.1+SetupWIService.exe
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unires.dll.26.dr
Static PE information: Section .rsrc
Source: UNIRES.DLL.0.dr
Static PE information: Section .rsrc
Source: unires.dll.29.dr
Static PE information: Section .rsrc
Source: classification engine
Classification label: mal48.adwa.evad.winEXE@110/99@2/3
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe
Code function: 0_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_0040498A
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe
Code function: 0_2_004021AA CoCreateInstance,0_2_004021AA
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe
File created: C:\Program Files\Wildix
Source: C:\Program Files\Wildix\WIService\wiservice.exe
File created: C:\Users\user\AppData\Roaming\Wildix
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6040:120:WilError_03
Source: C:\Windows\System32\SIHClient.exe
Mutant created: {376155FF-95A0-46CA-8F57-ACB09EA70153}
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5568:120:WilError_03
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6116:120:WilError_03
Source: C:\Program Files\Wildix\WIService\wiservice.exe
Mutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.dispatcher
Source: C:\Program Files\Wildix\WIService\wiservice.exe
Mutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.watchdog
Source: C:\Program Files\Wildix\WIService\wiservice.exe
Mutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.updater
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7440:120:WilError_03
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3208:120:WilError_03
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4276:120:WilError_03
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7592:120:WilError_03
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8168:120:WilError_03
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7328:120:WilError_03
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4672:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
Mutant created: NULL
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6740:120:WilError_03
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2288:120:WilError_03
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1492:120:WilError_03
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2108:120:WilError_03
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3136:120:WilError_03
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8172:120:WilError_03
Source: C:\Program Files\Wildix\WIService\wiservice.exe
Mutant created: \BaseNamedObjects\Local\com.wildix.desktop-integration.svchost
Source: C:\Program Files\Wildix\WIService\wiservice.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\com.wildix.desktop-integration.proxyex
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6204:120:WilError_03
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7900:120:WilError_03
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5448:120:WilError_03
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe
File created: C:\Users\user\AppData\Local\Temp\nsuFEFE.tmp
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe
Process created: C:\Windows\explorer.exe
Source: unknown
Process created: C:\Windows\explorer.exe
Source: 3.19.1+SetupWIService.exe
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\taskkill.exe
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIService.exe")
Source: C:\Windows\SysWOW64\taskkill.exe
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIui.exe")
Source: C:\Windows\SysWOW64\taskkill.exe
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wirtpproxy.exe")
Source: C:\Windows\SysWOW64\taskkill.exe
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wiservice-ui.exe")
Source: C:\Windows\SysWOW64\taskkill.exe
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vncsrv.exe")
Source: C:\Windows\SysWOW64\taskkill.exe
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookIntegration.exe")
Source: C:\Windows\SysWOW64\taskkill.exe
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookSync32.exe")
Source: C:\Windows\SysWOW64\taskkill.exe
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookSync64.exe")
Source: C:\Windows\System32\conhost.exe
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WIui.exe")
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "wiservice-ui.exe")
Source: C:\Program Files\Wildix\WIService\wiservice.exe
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WildixOutlookSync32.exe")
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe
File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\System32\SIHClient.exe
File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files\Wildix\WIService\wiservice.exe
File read: C:\Windows\System32\drivers\etc\hosts
Source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe
File read: C:\Users\user\Desktop\3.19.1+SetupWIService.exe
Source: unknown
Process created: C:\Users\user\Desktop\3.19.1+SetupWIService.exe "C:\Users\user\Desktop\3.19.1+SetupWIService.exe"
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe
Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exe
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe
Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe
Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exe
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe
Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe
Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exe
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe
Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe
Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exe
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe
Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter
Source: unknown Process created: C:\Windows\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Source: unknown Process created: C:\Windows\System32\spoolsv.exe C:\Windows\System32\spoolsv.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\System32\SIHClient.exe C:\Windows\System32\sihclient.exe /cv f9TvbHSqhkOudq3dEifD3w.0.2
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
Source: unknown Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --update
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
Source: unknown Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc
Source: C:\Program Files\Wildix\WIService\wiservice.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog
Source: C:\Program Files\Wildix\WIService\wiservice.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\explorer.exe "C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk"
Source: unknown Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Windows\explorer.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Program Files\Wildix\WIService\wiservice.exe "C:\Program Files\Wildix\WIService\wiservice.exe" --storeMachineId
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\explorer.exe "C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: unknown unknown
Source: C:\Program Files\Wildix\WIService\wiservice.exe Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: apphelp.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: hid.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: secur32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: version.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: iphlpapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: userenv.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: wininet.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: wtsapi32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: dwmapi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: msi.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: mswsock.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: uxtheme.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: msimg32.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: sspicli.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: windows.storage.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: wldp.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: dbghelp.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: dbgcore.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: propsys.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: ntmarta.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: profapi.dll
Source: C:\Windows\System32\spoolsv.exe | Section loaded: dsrole.dll, dnsapi.dll, iphlpapi.dll, ualapi.dll, kernel.appcore.dll, powrprof.dll, umpdc.dll, sspicli.dll, mswsock.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, localspl.dll, srvcli.dll, spoolss.dll, sfc_os.dll, printisolationproxy.dll, appmon.dll, fxsmon.dll, tcpmon.dll, snmpapi.dll, wsnmp32.dll, usbmon.dll, devobj.dll, msasn1.dll, apmon.dll, msxml6.dll, drvstore.dll, userenv.dll, gpapi.dll, win32spl.dll, inetpp.dll, cryptsp.dll, rsaenh.dll, winsta.dll, cryptbase.dll, prntvpt.dll, version.dll, cscapi.dll, netutils.dll
Source: C:\Windows\System32\dllhost.exe | Section loaded: kernel.appcore.dll, uxtheme.dll, thumbcache.dll, propsys.dll, photometadatahandler.dll, windowscodecs.dll, onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\spoolsv.exe | Section loaded: dsrole.dll, dnsapi.dll, iphlpapi.dll, ualapi.dll, kernel.appcore.dll, powrprof.dll, umpdc.dll, sspicli.dll, mswsock.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, localspl.dll, srvcli.dll, spoolss.dll, sfc_os.dll, printisolationproxy.dll, appmon.dll, fxsmon.dll, tcpmon.dll, snmpapi.dll, wsnmp32.dll, usbmon.dll, devobj.dll, msasn1.dll, wfaxport.dll, windows.storage.dll, wldp.dll, profapi.dll, apphelp.dll, apmon.dll, msxml6.dll, drvstore.dll, userenv.dll, gpapi.dll, win32spl.dll, inetpp.dll, cryptsp.dll, winsta.dll, ntprint.dll, mscms.dll, coloradapterclient.dll, rsaenh.dll, cryptbase.dll, devrtl.dll, spinf.dll, prntvpt.dll, version.dll, cscapi.dll, netutils.dll, netprofm.dll, npmproxy.dll, dhcpcsvc6.dll, dhcpcsvc.dll, printercleanuptask.dll, taskschd.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, propsys.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: kernel.appcore.dll, taskschd.dll, sspicli.dll
Source: C:\Windows\System32\netsh.exe | Section loaded: kernel.appcore.dll, ifmon.dll, iphlpapi.dll, mprapi.dll, rasmontr.dll, rasapi32.dll, rasman.dll, fwpuclnt.dll, mfc42u.dll, authfwcfg.dll, fwpolicyiomgr.dll, firewallapi.dll, dnsapi.dll, fwbase.dll, dhcpcmonitor.dll, dot3cfg.dll, dot3api.dll, onex.dll, eappcfg.dll, ncrypt.dll, eappprxy.dll, ntasn1.dll, fwcfg.dll, hnetmon.dll, netshell.dll, nlaapi.dll, netsetupapi.dll, netiohlp.dll, dhcpcsvc.dll, winnsi.dll, nettrace.dll, sspicli.dll, nshhttp.dll, httpapi.dll, nshipsec.dll, userenv.dll, activeds.dll, polstore.dll, winipsec.dll, adsldpc.dll, nshwfp.dll, cabinet.dll, p2pnetsh.dll, p2p.dll, profapi.dll, cryptbase.dll, rpcnsh.dll, wcnnetsh.dll, wlanapi.dll, whhelper.dll, winhttp.dll, wlancfg.dll, cryptsp.dll, wshelper.dll, wevtapi.dll, mswsock.dll, wwancfg.dll, wwapi.dll, wcmapi.dll, rmclient.dll, mobilenetworking.dll, peerdistsh.dll, uxtheme.dll, slc.dll, sppc.dll, gpapi.dll, ktmw32.dll, mprmsg.dll, windows.storage.dll, wldp.dll, msasn1.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Uninstall.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\Program Files\Wildix\WIService\UninstallWIService.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\Wildix.AddIn
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\wildix.ico
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\wiservice.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\x-bees.ico
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\imgprint.gpd
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\STDDTYPE.GDL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\STDNAMES.GPD
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHEM.GDL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\STDSCHMX.GDL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRV.HLP
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\fax\wfaxport.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtBase0x5e2f.dfu
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\DuoMonoLedBtHeadset0x5e2f.dfu
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\resources
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\resources\cdr.db
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe | Directory created: C:\Program Files\Wildix\WIService\Office.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Serilog.dllJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dllJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dllJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dllJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\UC.dllJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\websocket-sharp.dllJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\wildix-oi.icoJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dllJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll.manifestJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookCommon.dllJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.vstoJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe.configJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\WildixOutlookSync64.exeJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\dotnet-dump.exeJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\UninstallWIService.exeJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeDirectory created: C:\Program Files\Wildix\WIService\proxyex.lnkJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIServiceJump to behavior
Source: 3.19.1+SetupWIService.exeStatic PE information: certificate valid
Source: 3.19.1+SetupWIService.exeStatic file information: File size 25539800 > 1048576
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile opened: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dllJump to behavior
Source: 3.19.1+SetupWIService.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\fax\wfaxport.pdb source: spoolsv.exe, 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\asn1\x_info.ccrypto\pem\pem_info.ccrypto\ocsp\ocsp_lib.c0 source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\fax\wfaxport.pdbv source: spoolsv.exe, 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: RegAsm.exe, 00000025.00000002.1964576425.0000026FA4EB2000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\wiservice.pdb: source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdbw{ source: RegAsm.exe, 0000002D.00000002.2289843086.000001EF61DD2000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\projects\serilog\src\Serilog\obj\Release\net46\Serilog.pdb source: RegAsm.exe, 00000029.00000002.2076330075.0000025194F12000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\projects\serilog-sinks-file\src\Serilog.Sinks.File\obj\Release\net45\Serilog.Sinks.File.pdb source: RegAsm.exe, 0000002D.00000002.2289843086.000001EF61DD2000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\win-x64-release\wiservice.pdb source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\projects\serilog-sinks-console\src\Serilog.Sinks.Console\obj\Release\net45\Serilog.Sinks.Console.pdbP source: RegAsm.exe, 0000002B.00000002.2184853850.000001F6ABAD2000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256^Y source: RegAsm.exe, 00000025.00000002.1964576425.0000026FA4EB2000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\projects\serilog-sinks-console\src\Serilog.Sinks.Console\obj\Release\net45\Serilog.Sinks.Console.pdb source: RegAsm.exe, 0000002B.00000002.2184853850.000001F6ABAD2000.00000002.00000001.01000000.0000000D.sdmp
Source: Newtonsoft.Json.dll.0.drStatic PE information: 0xDFF1C7F1 [Fri Jan 21 16:48:49 2089 UTC]
Source: wfaxport.dll.0.drStatic PE information: section name: _RDATA
Source: wiservice.exe.0.drStatic PE information: section name: _RDATA
Source: WildixOutlookSync64.exe.0.drStatic PE information: section name: _RDATA
Source: wfaxport.dll.26.drStatic PE information: section name: _RDATA
Source: C:\Windows\System32\spoolsv.exeCode function: 29_2_00007FF827571402 push rbp; iretd 29_2_00007FF827571403
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 31_2_00007FF7C0DC05CF push eax; retf 31_2_00007FF7C0DC0633
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 31_2_00007FF7C0DC0599 pushad ; retf 31_2_00007FF7C0DC059A
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 31_2_00007FF7C0E95512 push eax; iretd 31_2_00007FF7C0E95513
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 31_2_00007FF7C0E9785E push eax; iretd 31_2_00007FF7C0E9786D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 31_2_00007FF7C0E9782E pushad ; iretd 31_2_00007FF7C0E9785D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 33_2_00007FF7C0E7845E push eax; ret 33_2_00007FF7C0E7846D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 33_2_00007FF7C0E7842E pushad ; ret 33_2_00007FF7C0E7845D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 33_2_00007FF7C0E77C5E push eax; retf 33_2_00007FF7C0E77C6D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 33_2_00007FF7C0E77C2E pushad ; retf 33_2_00007FF7C0E77C5D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 35_2_00007FF7C0E9845E push eax; ret 35_2_00007FF7C0E9846D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 35_2_00007FF7C0E9842E pushad ; ret 35_2_00007FF7C0E9845D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 35_2_00007FF7C0E960AA pushad ; ret 35_2_00007FF7C0E960AB
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 35_2_00007FF7C0E9785E push eax; iretd 35_2_00007FF7C0E9786D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeCode function: 35_2_00007FF7C0E9782E pushad ; iretd 35_2_00007FF7C0E9785D
Source: msvcrt.dll.0.drStatic PE information: section name: .text entropy: 6.892055007396566
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\UninstallWIService.exeJump to dropped file
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\spool\drivers\x64\unidrvui.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dllJump to dropped file
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\System32\spool\drivers\x64\3\New\unires.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\fax\UNIRES.DLLJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Office.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exeJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\WildixOutlookSync64.exeJump to dropped file
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\System32\spool\drivers\x64\3\New\unidrv.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dllJump to dropped file
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\spool\drivers\x64\unires.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dllJump to dropped file
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy)Jump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\WildixOutlookCommon.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\DseaCallControlSdk.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dllJump to dropped file
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\wfaxport.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\nsExec.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exeJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exeJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLLJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\dotnet-dump.exeJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\UC.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\wiservice.exeJump to dropped file
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\System32\spool\drivers\x64\3\New\unidrvui.dllJump to dropped file
Source: C:\Program Files\Wildix\WIService\wiservice.exeFile created: C:\Windows\System32\spool\drivers\x64\unidrv.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\fax\wfaxport.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\websocket-sharp.dllJump to dropped file
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\drivers\x64\3\unidrv.dll (copy)Jump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLLJump to dropped file
Source: C:\Windows\System32\spoolsv.exeFile created: C:\Windows\system32\spool\drivers\x64\3\unidrvui.dll (copy)Jump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\Serilog.dllJump to dropped file
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dllJump to dropped file

Boot Survival

Source: C:\Program Files\Wildix\WIService\wiservice.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WIService.wildix\shell\open\command C:\Program Files\Wildix\WIService\wiservice.exe %1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildixJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIServiceJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wildix\WIService\Uninstall.lnkJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WIServiceJump to behavior
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\SIHClient.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\schtasks.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Wildix\WIService\wiservice.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files\Wildix\WIService\wiservice.exe Section loaded: OutputDebugStringW count: 132
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 2C717390000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 2C731030000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 21AC0B10000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 21ADA5F0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 1D7EF910000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 1D7F13C0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 26F8AD00000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 26FA45C0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 25194CE0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 251ACFC0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 1F6AB9D0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 1F6C5420000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 1EF61CD0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 1EF7B7B0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 1C88D810000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: 1C8A7260000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 31_2_00007FF7C101000A rdtsc 31_2_00007FF7C101000A
Source: C:\Program Files\Wildix\WIService\wiservice.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Wildix\WIService\wiservice.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\unidrvui.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\UninstallWIService.exe
Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\3\New\unires.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Office.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\fax\UNIRES.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\System.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe
Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\3\New\unidrv.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\unires.dll
Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy)
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\nsExec.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\dotnet-dump.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\UC.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\nsDialogs.dll
Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\3\New\unidrvui.dll
Source: C:\Program Files\Wildix\WIService\wiservice.exe Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\unidrv.dll
Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\system32\spool\drivers\x64\3\unidrv.dll (copy)
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\websocket-sharp.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL
Source: C:\Windows\System32\spoolsv.exe Dropped PE file which has not been started: C:\Windows\system32\spool\drivers\x64\3\unidrvui.dll (copy)
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\Serilog.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Dropped PE file which has not been started: C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll
Source: C:\Windows\System32\spoolsv.exe API coverage: 7.2 %
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe TID: 8156 Thread sleep time: -30100s >= -30000s
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 8140 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\SIHClient.exe TID: 1836 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\SIHClient.exe TID: 7948 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 4428 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 4948 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 8160 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 2044 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 8172 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 8184 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 3128 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 8120 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 4180 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 4812 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 4924 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 4928 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 7908 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 7756 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 6068 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe TID: 7636 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 7364 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 6364 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 3656 Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Program Files\Wildix\WIService\wiservice.exe TID: 6700 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\cmd.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\SIHClient.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\SysWOW64\cmd.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\SIHClient.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Code function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Code function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Windows\System32\spoolsv.exe Code function: 29_2_00007FF8275405D0 FindFirstFileW,FindClose,_invalid_parameter_noinfo_noreturn,29_2_00007FF8275405D0
Source: C:\Program Files\Wildix\WIService\wiservice.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Thread delayed: delay time: 922337203685477
Source: SIHClient.exe, 0000001E.00000003.1518714603.000001C4BD966000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001E.00000002.2196006549.000001C4BD966000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001E.00000003.1897066678.000001C4BD966000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001E.00000003.1517488774.000001C4BD966000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001E.00000003.1519671450.000001C4BD966000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWm0Q
Source: SIHClient.exe, 0000001E.00000003.1518714603.000001C4BD966000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001E.00000002.2196006549.000001C4BD966000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001E.00000003.1897066678.000001C4BD966000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001E.00000003.1517488774.000001C4BD966000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001E.00000003.1519671450.000001C4BD966000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: wiservice.exe, 00000041.00000002.3223447332.000002634B1E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll'
Source: spoolsv.exe, 0000001B.00000002.1486468984.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001B.00000003.1458944232.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, spoolsv.exe, 0000001B.00000003.1458357635.0000000000C04000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllEE1
Source: SIHClient.exe, 0000001E.00000002.2195972281.000001C4BD914000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001E.00000003.1896796996.000001C4BD914000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001E.00000003.1517800686.000001C4BD917000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 0000001E.00000003.1897456410.000001C4BD914000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
Source: spoolsv.exe, 0000001D.00000002.3222374337.0000000000EE7000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003A.00000003.2429863624.000002460DA54000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003A.00000003.2429706499.000002460DA51000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003A.00000002.2431369353.000002460DA57000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003B.00000002.2458516281.000001C34C63B000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2458095364.0000020E8F1D9000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2457879731.0000020E8F1C9000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003E.00000003.2457975835.0000020E8F1D3000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000002.3222948678.00000219ECACD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: wiservice.exe, 0000001A.00000003.1515129599.000001CD4C490000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll##
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe API call chain: ExitProcess graph end node graph_0-3468
Source: C:\Program Files\Wildix\WIService\wiservice.exe Process information queried: ProcessInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Code function: 31_2_00007FF7C101000A rdtsc 31_2_00007FF7C101000A
Source: C:\Windows\System32\spoolsv.exe Code function: 29_2_00007FF8275AF214 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,29_2_00007FF8275AF214
Source: C:\Windows\System32\spoolsv.exe Code function: 29_2_00007FF82759F5F0 GetProcessHeap,HeapAlloc,std::bad_alloc::bad_alloc,29_2_00007FF82759F5F0
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\spoolsv.exe Code function: 29_2_00007FF8275AF214 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,29_2_00007FF8275AF214
Source: C:\Windows\System32\spoolsv.exe Code function: 29_2_00007FF8275901B8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,29_2_00007FF8275901B8
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files\Wildix\WIService\wiservice.exe File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIService.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WIui.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wirtpproxy.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM vncsrv.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /C taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\System32\cmd.exe cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIService.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WIui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wirtpproxy.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM wiservice-ui.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM vncsrv.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookIntegration.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync32.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync64.exe
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM WildixOutlookSync32.exe
Source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: {}delete server {:#x}new {}x{} {}bpp framebufferdeleting old {}x{} {}bpp framebufferframebuffer size changed {}x{} -> {}x{}unsetting desktop {:#x}couldn't send ERROR messagecouldn't send auth result: %serror sending OK messagewrite timeoutInvalid Security Typeinvalid security type {}read error while receiving security typeclient gone while receiving security typerects data size mismatch ({})couldn't send encoded datacouldn't send raw datacouldn't send rect headercouldn't send update message headerclient gone while sending update message headercouldn't send message headersending {} rectsVNC main thread started SERVER: {:#08x}vnccouldn't send update message rect headerregister RFB encoding: code:{:#x} name:{}Encoding 0x%Xregister RFB message: code:{}couldn't initialize extensioncouldn't send protocol versionserver extension returned FALSE on connectregister RFB pseudo encoding: code:{:#x} name:{}PseudoEncoding 0x%Xclient RFB version: {}.{}invalid RFB clientcouldn't receive client protocol versionclient gone while receiving protocol versionusing auth type {}minor RFB version mismatchRFB version mismatch: server %d.%d, client %d.%dmajor RFB version mismatchcouldn't receive client init messageclient gone while initializingcouldn't send auth typeclient gone while sending auth typecouldn't create output threadcouldn't send server init messageclient gone while sending server init messageframebuffer size: {}x{}couldn't receive SetPixelFormat messageclient gone while receiving SetPixelFormat messagecouldn't receive client messageclient gone while receiving messagefix_color_map_entries is not supportedcouldn't FixColorMapEntries messageclient 
gone while receiving FixColorMapEntries messagerequested {}bpp pixel formatcouldn't recieve encoding typeclient gone while receiving encoding typecouldn't receive SetEncodings messageclient gone while receiving SetEncodings messageextension failed to process encoding {}recv encoding: {}enabling immediate_update extension for client {}enabling desktop_resize extension for client {}client gone while receiving FramebufferUpdateRequest messageunknown encoding type: {:#x}extension failed to process pseudo encoding {}recv pseudo encoding: {}presscouldn't receive KeyEvent messageclient gone while receiving KeyEvent messagecouldn't receive FrameBufferUpdateRequest messagecouldn't receive PointerEvent messageclient gone while receiving PointerEvent messagerecv key_event: keysym:{:#x} {}unpresscouldn't receive clipboard textclient gone while receiving clipboard textcouldn't receive CutText messageclient gone while receiving CutText messageextension failed to process message {}couldn't receive SetScaleFactor messageclient gone while receiving SetScaleFactor messagerecv clipboard: {}failed to deinit extensionserver extension returned FALSE on disconnectcouldn't join output threadunknown client message {}couldn't send extension dataclient gone while sending extension dataout vncVNC main thread EXIT SERVER: {:#08x}performing full fr
Source: wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: couldn't create streamer iteration threadcouldn't join streamer iteration threadjoin streamer iteration threadstreamerC:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\integrations\screen-sharing\Streamer.cppWD_REFM_OKWD_REFM_01streamer's pending connection couldn't complete in {}mswaiting for all connections to resolveinvalid wildix auth replywildix auth reply '{}' receivedwildix auth marker '{}' sentXauth failedcouldn't create socketconnecting to {}:{}seqid {:#x} does not match last sent PING request ({:#x})configinvalid peer '{}'%dserver connectedSHUTDOWNcouldn't reconnectE_SCREEN_SHARINGdisplayssetting 'display' parameter to '{}'put message on hold because user does not allow remote controlpongR_SCREEN_SHARINGcouldn't parse message JSONlaunching system process toolsetting 'app' parameter to '{}'setting 'control' parameter to '{}'pinginvalid commandseqidinvalid msgdataunrecognized command '{}'showprocesstoolgetconfigsetparametersdesktop recording is restrictedprocess pending parameters change requestlast iteration took {}ms{}:{}recreating desktop objectsecond lock took {}msdesktop update took {}msdesktop target check took {}msfirst lock took {}mssleep took {}msthird lock took {}msframebuffer update took {}msdesktop resize took {}msconnection goneserver screenupdate took {} msclosing server due to screen resizesize: {}x{}, desktop size: {}x{}exit loopreconnecting due to error, {} attempts left{}ms without PONG replies from clientWIService.DesktopNotifyC:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\integrations\screen-sharing\utils\win\WinDesktopConfiguration.cppStarting desktop notifications 
loopProgmanFinishing desktop notifications loopDesktop configuration changedCouldn't create desktop notification window. CreateWindowExW() failed with error {}Generic PnP MonitorRefreshing desktop configurationRefreshing window configurationButtonNo HMONITOR found for supplied device index {}hi
Source: C:\Windows\System32\spoolsv.exe Code function: GetLocaleInfoEx,29_2_00007FF82758A80C
Source: C:\Windows\System32\spoolsv.exe Code function: EnumSystemLocalesW,29_2_00007FF8275CF61C
Source: C:\Windows\System32\spoolsv.exe Code function: EnumSystemLocalesW,29_2_00007FF8275CF6EC
Source: C:\Windows\System32\spoolsv.exe Code function: EnumSystemLocalesW,29_2_00007FF8275C3694
Source: C:\Windows\System32\spoolsv.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,29_2_00007FF8275CF2C0
Source: C:\Windows\System32\spoolsv.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,29_2_00007FF8275CFD08
Source: C:\Windows\System32\spoolsv.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,29_2_00007FF8275CFB24
Source: C:\Windows\System32\spoolsv.exe Code function: GetLocaleInfoW,29_2_00007FF8275C3BD4
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\15.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\office\15.0.0.0__71e9bce111e9429c\OFFICE.DLL VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files\Wildix\WIService\Office.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\office\15.0.0.0__71e9bce111e9429c\OFFICE.DLL VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files\Wildix\WIService\Serilog.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files\Wildix\WIService\Serilog.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files\Wildix\WIService\Serilog.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeQueries volume information: C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe VolumeInformation
Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\spoolsv.exeCode function: 29_2_00007FF82756A60C GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,29_2_00007FF82756A60C
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeCode function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Program Files\Wildix\WIService\wiservice.exeFile written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\3.19.1+SetupWIService.exeProcess created: C:\Windows\System32\cmd.exe cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts21
Windows Management Instrumentation
1
DLL Side-Loading
1
DLL Side-Loading
1
File and Directory Permissions Modification
OS Credential Dumping1
System Time Discovery
Remote Services11
Archive Collected Data
1
Ingress Tool Transfer
Exfiltration Over Other Network Medium1
System Shutdown/Reboot
CredentialsDomainsDefault Accounts1
Scheduled Task/Job
1
DLL Search Order Hijacking
1
DLL Search Order Hijacking
211
Disable or Modify Tools
LSASS Memory2
File and Directory Discovery
Remote Desktop Protocol1
Clipboard Data
11
Encrypted Channel
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
Windows Service
1
Access Token Manipulation
1
Deobfuscate/Decode Files or Information
Security Account Manager47
System Information Discovery
SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCron1
Scheduled Task/Job
1
Windows Service
3
Obfuscated Files or Information
NTDS41
Security Software Discovery
Distributed Component Object ModelInput Capture3
Application Layer Protocol
Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchd11
Registry Run Keys / Startup Folder
12
Process Injection
1
Software Packing
LSA Secrets2
Process Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
Scheduled Task/Job
1
Timestomp
Cached Domain Credentials141
Virtualization/Sandbox Evasion
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items11
Registry Run Keys / Startup Folder
1
DLL Side-Loading
DCSync1
Remote System Discovery
Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
DLL Search Order Hijacking
Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
File Deletion
/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron123
Masquerading
Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd141
Virtualization/Sandbox Evasion
Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task1
Access Token Manipulation
KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking
Determine Physical LocationsVirtual Private ServerCompromise Hardware Supply ChainUnix ShellSystemd TimersSystemd Timers12
Process Injection
GUI Input CapturePermission Groups DiscoveryReplication Through Removable MediaEmail CollectionProxyExfiltration over USBNetwork Denial of Service
[Behavior graph: ID 1590155, Sample: 3.19.1+SetupWIService.exe, Startdate: 13/01/2025, Architecture: WINDOWS, Score: 48]

Source | Detection | Scanner | Label | Link
3.19.1+SetupWIService.exe | 0% | Virustotal | | Browse
3.19.1+SetupWIService.exe | 0% | ReversingLabs

Source | Detection | Scanner | Label | Link
C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Outlook.v4.0.Utilities.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\Office.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\Serilog.Sinks.Debug.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\Serilog.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\UC.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\UninstallWIService.exe | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\WildixOutlookAddin.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\WildixOutlookCommon.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\WildixOutlookSync32.exe | 3% | ReversingLabs
C:\Program Files\Wildix\WIService\WildixOutlookSync64.exe | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\dotnet-dump.exe | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\fax\UNIDRV.DLL | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\fax\UNIDRVUI.DLL | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\fax\UNIRES.DLL | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\fax\wfaxport.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfu.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\headsetFirmwares\HidDfuCmd.exe | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\headsetFirmwares\msvcm80.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\headsetFirmwares\msvcp80.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\headsetFirmwares\msvcr80.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\headsetFirmwares\msvcrt.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\websocket-sharp.dll | 0% | ReversingLabs
C:\Program Files\Wildix\WIService\wiservice.exe | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\System.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\nsDialogs.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\nsExec.dll | 0% | ReversingLabs
C:\Windows\System32\spool\drivers\x64\3\New\unidrv.dll | 0% | ReversingLabs
C:\Windows\System32\spool\drivers\x64\3\New\unidrvui.dll | 0% | ReversingLabs
C:\Windows\System32\spool\drivers\x64\3\New\unires.dll | 0% | ReversingLabs
C:\Windows\System32\spool\drivers\x64\unidrv.dll | 0% | ReversingLabs
C:\Windows\System32\spool\drivers\x64\unidrvui.dll | 0% | ReversingLabs
C:\Windows\System32\spool\drivers\x64\unires.dll | 0% | ReversingLabs
C:\Windows\System32\wfaxport.dll | 0% | ReversingLabs
C:\Windows\system32\spool\drivers\x64\3\unidrv.dll (copy) | 0% | ReversingLabs
C:\Windows\system32\spool\drivers\x64\3\unidrvui.dll (copy) | 0% | ReversingLabs
C:\Windows\system32\spool\drivers\x64\3\unires.dll (copy) | 0% | ReversingLabs
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://files.wildix.com/integrations/osx/collaboration/Collaboration.pkgervice.e | 0% | Avira URL Cloud | safe
https://wildix.atlassian.net/wiki/x/HgfOAQ&Send | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/applications.json | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/win/tapi/WildixTAPI.exeowerS | 0% | Avira URL Cloud | safe
http://crl.microsoftm | 0% | Avira URL Cloud | safe
https://www.wildix.com | 0% | Avira URL Cloud | safe
http://ocsp.sectigo.comP | 0% | Avira URL Cloud | safe
https://wildix.atlassian.net/wiki/x/HgfOAQ | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/integrations.jsonapplications.jsonx-beesNativeApp.jsonUpdaterS | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/ | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/win/collaboration/Collaboration-x64.exe | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/integrations.json | 0% | Avira URL Cloud | safe
http://ocsp.sectigo.comC | 0% | Avira URL Cloud | safe
https://backtrace.wildix.com/api/v1/IntegrationService/Trace/6$A | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/osx/wiservice/WIService.pkg | 0% | Avira URL Cloud | safe
http://pbx.wildix.comDisplayIcon | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/win/wiservice/SetupWIService.exe | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/integrations.jsonhttps://backtrace.wildix.com/api/v1/Integrati | 0% | Avira URL Cloud | safe
https://backtrace.wildix.com/api/v1/IntegrationService/Trace/ | 0% | Avira URL Cloud | safe
http://ocsp.sectigo.com09 | 0% | Avira URL Cloud | safe
http://www.gimp.orgg | 0% | Avira URL Cloud | safe
https://www.wildix.com2015-2025 | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/integrations.json0 | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/x-beesNativeApp.jsonD | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/win/collaboration/Collaboration-x64.exe/ | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/x-beesNativeApp.jsoncom | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/win/collaboration/CollE7 | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/x-beesNativeApp.json | 0% | Avira URL Cloud | safe
http://jimmac.musichall.cz | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/win/tapi/WildixTAPI.exe | 0% | Avira URL Cloud | safe
http://crl.microsoft.c | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/x-beesNativeApp.jsoneW | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/x-beesNativeApp.jsoncoms | 0% | Avira URL Cloud | safe
https://files.wildix.com/integrations/osx/collaboration/Collaboration.pkg | 0% | Avira URL Cloud | safe
http://ocsp.sectigo.comz | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.57.35 | true | false | | high
files.wildix.com | 18.173.205.52 | true | false | | unknown
s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://files.wildix.com/integrations/applications.json | false | Avira URL Cloud: safe | unknown
https://files.wildix.com/integrations/integrations.json | false | Avira URL Cloud: safe | unknown
https://files.wildix.com/integrations/x-beesNativeApp.json | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
          http://repository.certum.pl/ctsca2021.cer0A3.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmpfalse
            high
            http://crl.certum.pl/ctsca2021.crl0o3.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmpfalse
              high
              https://wildix.atlassian.net/wiki/x/HgfOAQ&Sendwiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://files.wildix.com/integrations/win/tapi/WildixTAPI.exeowerSwiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://feedback.wildix.com/api/v1/Feedback/Wiservicep5wiservice.exe, 00000041.00000002.3223447332.000002634B1E8000.00000004.00000020.00020000.00000000.sdmpfalse
                high
                https://www.wildix.comwiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://files.wildix.com/integrations/osx/collaboration/Collaboration.pkgervice.ewiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://crl.microsoftmSIHClient.exe, 0000001E.00000002.2196410104.000001C4BE282000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://repository.certum.pl/cevcsca2021.cer03.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmpfalse
                  high
                  https://feedback.wildix.com/api/v1/Feedback/Wiservicewiservice.exe, 0000003E.00000002.2460222285.0000020E8F1AB000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3222948678.00000219ECABD000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3223447332.000002634B1E8000.00000004.00000020.00020000.00000000.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpfalse
                    high
                    https://files.wildix.com/integrations/wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://github.com/opencv/opencv/issues/16739wiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpfalse
                      high
                      https://chrome.google.com/webstore/detail/wildix-collaboration/lobgohpoobpijgfegnlhdnppegdbomknw%wiservice.exe, 0000003B.00000002.2458516281.000001C34C6A3000.00000004.00000020.00020000.00000000.sdmpfalse
                        high
                        https://curl.se/docs/hsts.htmlwiservice.exe, 0000001A.00000000.1443676360.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000001A.00000002.1519787700.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000000.2416068218.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000000.2416662839.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000002.2464938975.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000002.3226296186.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000000.2461016528.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000002.3228151287.00007FF667CF8000.00000002.00000001.01000000.00000006.sdmpfalse
                          high
                          https://wildix.atlassian.net/wiki/x/HgfOAQwiservice.exe, 0000001A.00000002.1519787700.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003A.00000002.2433890718.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003B.00000002.2465404426.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003E.00000000.2438907373.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 0000003F.00000000.2449328515.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000041.00000002.3226711786.00007FF667E51000.00000002.00000001.01000000.00000006.sdmp, wiservice.exe, 00000042.00000000.2461231235.00007FF667E51000.00000002.00000001.01000000.00000006.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://ocsp.sectigo.comPwiservice.exe, 00000042.00000002.3223128419.0000016762555000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://subca.ocsp-certum.com053.19.1+SetupWIService.exe, 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp, wiservice.exe, 0000001A.00000003.1513902419.000001CD4C4EC000.00000004.00000020.00020000.00000000.sdmpfalse
                            high
IP | Domain | Country | ASN | ASN Name | Malicious
18.173.205.52 | files.wildix.com | United States | 3 | MIT-GATEWAYSUS | false
18.173.205.94 | unknown | United States | 3 | MIT-GATEWAYSUS | false
                                                                                    IP
                                                                                    127.0.0.1
                                                                                    Joe Sandbox version:42.0.0 Malachite
                                                                                    Analysis ID:1590155
                                                                                    Start date and time:2025-01-13 17:14:55 +01:00
                                                                                    Joe Sandbox product:CloudBasic
                                                                                    Overall analysis duration:0h 12m 26s
                                                                                    Hypervisor based Inspection enabled:false
                                                                                    Report type:full
                                                                                    Cookbook file name:default.jbs
                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                    Run name:Run with higher sleep bypass
                                                                                    Number of analysed new started processes analysed:76
                                                                                    Number of new started drivers analysed:0
                                                                                    Number of existing processes analysed:0
                                                                                    Number of existing drivers analysed:0
                                                                                    Number of injected processes analysed:0
                                                                                    Technologies:
                                                                                    • HCA enabled
                                                                                    • EGA enabled
                                                                                    • AMSI enabled
                                                                                    Analysis Mode:default
                                                                                    Analysis stop reason:Timeout
                                                                                    Sample name:3.19.1+SetupWIService.exe
                                                                                    Detection:MAL
                                                                                    Classification:mal48.adwa.evad.winEXE@110/99@2/3
                                                                                    EGA Information:
                                                                                    • Successful, ratio: 20%
                                                                                    HCA Information:
                                                                                    • Successful, ratio: 97%
                                                                                    • Number of executed functions: 186
                                                                                    • Number of non-executed functions: 164
                                                                                    Cookbook Comments:
                                                                                    • Found application associated with file extension: .exe
                                                                                    • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                    • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, taskhostw.exe, Conhost.exe, dllhost.exe, WMIADAP.exe, conhost.exe
                                                                                    • Excluded IPs from analysis (whitelisted): 20.109.210.53, 199.232.210.172, 20.242.39.171, 13.85.23.206, 13.107.253.45, 52.109.89.18, 52.113.194.132, 2.23.242.162
                                                                                    • Excluded domains from analysis (whitelisted): ecs.office.com, azurefd-t-fb-prod.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.afd.azureedge.net, feedback.wildix.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, crt.usertrust.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, crt.sectigo.com, azureedge-t-prod.trafficmanager.net, officeclient.microsoft.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                    • Execution Graph export aborted for target RegAsm.exe, PID 1528 because it is empty
                                                                                    • Execution Graph export aborted for target RegAsm.exe, PID 2068 because it is empty
                                                                                    • Execution Graph export aborted for target RegAsm.exe, PID 2164 because it is empty
                                                                                    • Execution Graph export aborted for target RegAsm.exe, PID 2796 because it is empty
                                                                                    • Execution Graph export aborted for target RegAsm.exe, PID 4124 because it is empty
                                                                                    • Execution Graph export aborted for target RegAsm.exe, PID 4460 because it is empty
                                                                                    • Execution Graph export aborted for target RegAsm.exe, PID 5908 because it is empty
                                                                                    • Execution Graph export aborted for target RegAsm.exe, PID 6012 because it is empty
                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
17:17:40 | Task Scheduler | Run new task: WIService update checker path: C:\Program Files\Wildix\WIService\wiservice.exe s>--update
17:17:43 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run WIService C:\Program Files\Wildix\WIService\WIService.exe
                                                                                                        No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll | file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip | malicious | Unknown
C:\Program Files\Wildix\WIService\DseaCallControlSdk.dll | file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip | malicious | Unknown
C:\Program Files\Wildix\WIService\Microsoft.Office.Tools.Common.v4.0.Utilities.dll | file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip | malicious | Unknown
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1691760
                                                                                                              Entropy (8bit):6.377248011693859
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:49152:W0H28oc49lxvVtv4nZ70XYvHPhqkWHZC8l/Ia0dpZu4MRk:09wn10/k
                                                                                                              MD5:AC174E068FA99EA6B346353BA69757CE
                                                                                                              SHA1:CD1A42D84C18E8473FBEC6A6A3AC731DBB1FCC9B
                                                                                                              SHA-256:19C680C1691BA446F2751B79355F2EF7206BBDA3684B058370F26FD2A82F5D6B
                                                                                                              SHA-512:E9B0249979ABE566651CDC14F3C18A93B5B8C5C4C45E97FDB7A39D828A7FE930FEE8F1EE7B0A50A5213B4C2B0727E7C07FA5EF591FA80F555D6654CADD5B9BBD
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Joe Sandbox View:
                                                                                                              • Filename: file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip, Detection: malicious
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):985712
                                                                                                              Entropy (8bit):5.551919340566682
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24576:OmPj0ZKH4lODcxSgo5Gn8WuMRIn+N3gN+zs5KPIVmkXiGzcJy3gt2LER6GvK9Hw1:Omb0ZKH4lODcxSgo5Gn8WuMRIn+N3gNw
                                                                                                              MD5:390B04A388FFD833D4E93ED4153AE58D
                                                                                                              SHA1:1D21644C16772988DD817B40E3886585BBB2D4B2
                                                                                                              SHA-256:BB0E790F27DCBEC3B0DCB9F01F27A38C3D2D1F775538C6CFBF9883795F38EFF2
                                                                                                              SHA-512:2FD5E8435110FD10DA4B17496377D619C249A11CEFDF4B01796029BB4A24E6A13EAA133158D250C9CC3C7BC9DBECA42BCE09F5AB3523B415A54F9461F3E5BA2A
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Joe Sandbox View:
                                                                                                              • Filename: file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip, Detection: malicious
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):37488
                                                                                                              Entropy (8bit):6.42379201827549
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:PwJTwYB4E5n/xe5arr82ADib6kysSoQuSW:YJYE55e5mr8tOb6k1L7SW
                                                                                                              MD5:D332E42FFA4175720FBC2AA4AC4C57E3
                                                                                                              SHA1:4148438DBD61126A5B223409E6FF49F8F838362C
                                                                                                              SHA-256:9B070077A44937BEF43C386D4A89051300BC4FAA50C115A1D10FDBB052B66CA8
                                                                                                              SHA-512:EB3C246EE059B94CE994B301486117AF1C06B7995FE107EC7F6A9CF0465A8BBFD45D46BCCF87623644BB9C4E345E141BC0F1BDA1FF8FC8D73CE255EEAC0FEA8D
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Joe Sandbox View:
                                                                                                              • Filename: file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip, Detection: malicious
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):53872
                                                                                                              Entropy (8bit):6.209840303982636
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:N7vV5z3+6KTqUPtLnPDiQ0fWST41mocNAwkEGjhl2BOBaBnD/4xFsO282ADib6U2:xVs6c3d28tOb6UT1L7SF
                                                                                                              MD5:D454D5F84DD74C88DE630BA148470B43
                                                                                                              SHA1:C2CB551054DF4EEE747783450BD5A79E711774B1
                                                                                                              SHA-256:D4C2959CC59021EC109C0546AB6B44C9D62FE34F8648FA2E82693B6F6FDB9717
                                                                                                              SHA-512:D30B2E6B7A1908FE80D5B52CC349D0BC128DBD807413AF3303626DC9758C11A3FA58E99E3A368C284C7B9573C06A7DD6B1228C398B1E1D84C1AEAD545713FD08
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):483440
                                                                                                              Entropy (8bit):5.88808533617672
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:Ma9ps9y+hl8hyfItfqNWtkT4yzIDUCEheLQta3spminCi5W3EKjWFY4A7+BkvCZ/:Ma9ps9y+hl8hyfItfqNWtkT4yzIDUCEf
                                                                                                              MD5:3A1269C0A167AC4D9A444A6123F62647
                                                                                                              SHA1:578575D8D7A073EF2AE8AF7DE65558ECC0FC0F99
                                                                                                              SHA-256:ABC3A0B4FE5DB6717ED3D1BED438BACF053000BCA6C75DD8BE0047D776CEBB20
                                                                                                              SHA-512:63DA1B64A5AFFF89A7031470EB3F08ABA8F4EE381025777EBBD5EA6404F68C92A998169C8B0B21DB3495CDF6A63AC836154C348DDD7D469EAACE293FD0A0482D
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):703088
                                                                                                              Entropy (8bit):5.944616866544071
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:Rf9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cHQYa:ZXNL2PVh6B+BzjmcwYa
                                                                                                              MD5:D3E0B67E13A5705481C6CA3C7193E7CF
                                                                                                              SHA1:41EE7FAA47F8FBBC025170B5D137E11F4475922E
                                                                                                              SHA-256:F0A7EAAABC1D4D46F45646C9676136377DD72FEFE0365DE51CC7A0CD048AA8C0
                                                                                                              SHA-512:6087C957A49F5472F3D77D4F3B4114C536A5777C03AE33223835698AD3C2865CE3BB2F8FF8DB1CD0DF49FB7CF73FA61B4DFA849430295E82B3D82601E1B66E95
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):420464
                                                                                                              Entropy (8bit):5.859763778856411
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:no4vyP2a+zKZsxgkE0PTpFh/2f7rvmcyjlSjnqgy:no4vyP2a+zKZsDr52f7rvty
                                                                                                              MD5:5759B4F594B5D6B05CDF7D3818A41CF8
                                                                                                              SHA1:63F4C42A3E3279F918991886DF6C53A5121C6D9B
                                                                                                              SHA-256:E31181E899F6A109B782D20D6A77392D3F8A4C945D818861D9DC0ACB3B67D477
                                                                                                              SHA-512:D53609028B3495DAA23C370ECD65500CB7F636A9950E7C54970CBA79A0C38DC6C81CBCC44C97392EA5B33F581C243D2C0A268E08ADFAF1D1EFA2746FC120089C
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):43120
                                                                                                              Entropy (8bit):6.314942767785965
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:Dx+pe4L10ajxHJl7u4WHjWZ82ADib6IysSoQuSKhE:1K0ajRu4WKZ8tOb6I1L7SKhE
                                                                                                              MD5:2BFDFE0FB1AA5E9B398C49BB006B92A9
                                                                                                              SHA1:5AABCCBC39F240DEEB048FCB4A7D636D787E4E34
                                                                                                              SHA-256:BF0DC8C853201F9AC9E8B5A9696C24C46DCD9B8AE20CA5744B5B11574E175156
                                                                                                              SHA-512:71E937DDDCF890661819A80679B62CC16912A713EE13F26DD9AB0E05438A680E4925AFBFDEEDC3409F908512F6AF34DC33C552A50A90C6C9321D285A851C6244
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):17520
                                                                                                              Entropy (8bit):6.83969555329617
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:XrDJKl99Xk8jr8VSurQ2ADir/6rDzhW5w56SofousWu4qi7:Xr20L82ADib6dWysSoQuS2
                                                                                                              MD5:9F018137CCC7684C1922C8D8FA7BA364
                                                                                                              SHA1:E2C26A5BE58B2511043F918939B40134428A4E7A
                                                                                                              SHA-256:7F1D68C22394D54159E918B089CF721DC0F5EF5BD2E9699ED135945ED20E020F
                                                                                                              SHA-512:713C6D48BB186326492FF1466810FF7E270719F5A9A755C4BF84BC66679587223EA9973842EB3D719E2A5B564F488CDE34E39BB5286DBAD428E26E8EA7ED800C
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):36976
                                                                                                              Entropy (8bit):6.423492405586302
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:F2IVwX/kpnTXMcTWpHdD2JRrcfwcyT82ADib6jysSoQuSt:/wXcpnTXMwWmJRXVT8tOb6j1L7St
                                                                                                              MD5:F632DC6A8B6A9D34F1A24B39475965E2
                                                                                                              SHA1:44F478B7B76F9B23E5E78D25157BF58FE675A223
                                                                                                              SHA-256:7B10A8C77CE1BA7B68ED742590031BACEC6EEA9641AB0AD2F0DDA40BF7D05C61
                                                                                                              SHA-512:6B54ACBD0C5510EABCABE475011E14DA71C096A2F4E4235C605283D9E87903F202C94D3F24006DBC67C143064212CF80D545362C73B7E903AF607A9207666DBC
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):130672
                                                                                                              Entropy (8bit):6.183884930918232
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:Gy8BcjSMkNtSR4rkA4Nqnv/BZ8OQNZMpWovqnSOD1fSr:jPSMkNtS6rzH7H+y2e
                                                                                                              MD5:381D1F6EAC3487FB809F4A67B20BBFC0
                                                                                                              SHA1:7AE67391144F1C3BDDB739F89499E4DFC2E01561
                                                                                                              SHA-256:CEA976F7B2AD44B80CAABCD2E2E443D4A58BB31839C6E12F68E49234FDCFD121
                                                                                                              SHA-512:A702FC408F953B96E5BFFAAB5953E08FF7F4215A6A87BA94E283EEB6D1E87BD79D34D8421ECD98180844BB037553F958D4E9B71900A085C3B62757BD848CDD74
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):461424
                                                                                                              Entropy (8bit):5.25726869136666
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:mw/0k3XAYWQuyOGiUpXWFgXFQIY0EH7+0BJmmDAvQNRplhxy6woW0nFTF9YvORIg:L8KXAy7qy6EOdgQ
                                                                                                              MD5:6CD6DE9E328D4FDDBD0E3D5673369C3B
                                                                                                              SHA1:0A0915D6B89CAEF5A9D8D170089ABEBEAF6A183C
                                                                                                              SHA-256:5282E7BD01BD8C7A29E418E9F9EA7559A1A6E9F4CA3311399DC957296CEF5FF4
                                                                                                              SHA-512:53B1D121698D22A821093F88A5D1270A8243D7CDC836AF338045562363C0C2AFA222D925B6FFD89C238B0775A6F946F539431FC46E9964CE2D382BE9434D2752
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......aF..%'..%'..%'...[~.$'..%'..$'...[..$'..Rich%'..........PE..L.....tg...........!..."..................................................................@.......................................... ..................p*..............p............................................................................rdata..t...........................@..@.rsrc........ ......................@..@......tg........j.................tg..........................tg........l.................tg............................................RSDS.BO..$.M..+.V.C{....C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\deploy\oi_release\UC.pdb.......................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... .......rsrc$01.....!.......rsrc$02........................................................................................................................
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                              Category:dropped
                                                                                                              Size (bytes):162168
                                                                                                              Entropy (8bit):7.073455164608616
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:ZbG7N2kDTHUpoub7G1GFkTvQnKKjRCCDgqqAuKF5s34FEbfPzSzz1fSJ:ZbE/HUzi1GF9n6fqjup34GbfWdM
                                                                                                              MD5:4D27F2943AD5052773E7741645B23DD6
                                                                                                              SHA1:61B2A58C06C45A5682A24C32E4317EE07C685CFC
                                                                                                              SHA-256:802AEB611760C67B68BE019480F65F8EA7BAC6CC30BC89D840DF895A7C3DA55F
                                                                                                              SHA-512:85C5CA1FAF19A1168932C1C7259314A276ACBDDBD6F60BF5B9A89DEFE8440FDDB21E9EC9C04C1EC1F03FF3951162B20059C8A7218D72933872824A2367641B6E
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):397424
                                                                                                              Entropy (8bit):5.896845001178328
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:rNQ4YiZ6kjpxx981KKjQ9w53HW1fnAgCGCbmScQ:JrZ6kNxx9PKdU9AYAT
                                                                                                              MD5:1A03B412419726F712C0C944D9223EBE
                                                                                                              SHA1:D996B0D84B4FD60A0C88375D20E8FAD796D30946
                                                                                                              SHA-256:232B5CE24F0E7EE6341A59E7BA939B63F6C5918AD847B453234029146C3F60A0
                                                                                                              SHA-512:705D5C732F913C8C2E392592C91128F6FE5706ACF1FDF933042A2C4D40AAC90D3DF0478E9ECE9885E718E3FF5C81E7CB76974070148B4E8D9729F52057C8CF6A
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3755)
                                                                                                              Category:dropped
                                                                                                              Size (bytes):19152
                                                                                                              Entropy (8bit):5.393272662156399
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:2yw5tUebz1qEr5M5Q92rbYQujYSQxrjfTr+RLX8uy3i/yI72yWU8zS1Ap5kxP0Ko:tw5tUebz1qEr5M5Q92fYQKYSQxrrWtMn
                                                                                                              MD5:B079016897676DE86F27C99F428B8808
                                                                                                              SHA1:4A75733DF4F6D833898599100AD6ECA2CDD8AE17
                                                                                                              SHA-256:9ACDD49BF2F04E1E6400905BA43D617A67C1260E8B97B93DB322234767FFC35A
                                                                                                              SHA-512:4CD033711E425FA9ED5AA8C8F8DCB575C865735B3B2B3FE6DF04AA22B84A5C7F249245DFC3E5DBF6265229D71967C8C3F51F692AF30FBC1B83DDB7BB829830FC
                                                                                                              Malicious:false
                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>.<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">. <asmv1:assemblyIdentity name="WildixOutlookAddin.dll" version="1.0.0.0" publicKeyToken="ba03c384a1328835" language="neutral" processorArchitecture="msil" type="win32" />. <description xmlns="urn:schemas-microsoft-com:asm.v1">WildixOutlookAddin</description>. <application />. <entryPoint>. <co.v1:customHostSpecified />. </entryPoint>. <trustInfo>. <security>. <applicationRequestMinimum>. <PermissionSet Unrestricted="true" ID=
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (3784)
                                                                                                              Category:dropped
                                                                                                              Size (bytes):5585
                                                                                                              Entropy (8bit):5.810263805047951
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:0WLwO9Zc9vHTPkucpkF8YmORsZalUEgdF8YxzFodo9bBDA:ffFkLPdEA
                                                                                                              MD5:DB9C70488F4DA3E672D17C6C7EEB5ED6
                                                                                                              SHA1:49BA2D0791E5B3523FB076792843A71D4000E15B
                                                                                                              SHA-256:5D457F66530E9A4553D428BD95ACFBFB578884561619F90BE19D171DD253DEFC
                                                                                                              SHA-512:B138ABA72CAF390AAB04DD77F1E660751534878F2E8278E1C92433AC305AC215C30E0FA60522658FCD63D18B821D0B869BB6B369FBF3D4FD3B4C65C09DCC093B
                                                                                                              Malicious:false
                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>.<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">. <assemblyIdentity name="WildixOutlookAddin.vsto" version="1.0.0.0" publicKeyToken="ba03c384a1328835" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />. <description asmv2:publisher="Amazon.com" asmv2:product="WildixOutlookAddin" xmlns="urn:schemas-microsoft-com:asm.v1" />. <deployment install="false" />. <compatibleFrameworks xmlns="urn:schemas-microsoft-com
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):23664
                                                                                                              Entropy (8bit):6.560940967824352
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:NVVKiOteMGnUvLMktlhw75P72brQ2ADir/6raX5w56SofousWu4Kfyg:NVkiO4MzpJwZA82ADib64ysSoQuSH
                                                                                                              MD5:FAEA425A09F6DCC14F03D967946FC6E3
                                                                                                              SHA1:8569910F5F5B369CAD5FA232ED5EE8A3CC38564E
                                                                                                              SHA-256:17DD9AB9E3C5733DF4BE6D2B6F6961F053E1B22C1E44F6B611359412C1B0DB49
                                                                                                              SHA-512:6EF24695606B67E78A02A9C5911D2325A39FB5DDA230F5DA7858EE436A317C5779AD4C01285948EF5A09813E190A3B53AE952DFD52D9D7CD38FBFE832202E4A4
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):586864
                                                                                                              Entropy (8bit):5.063139636129146
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:SIjggFdum2P4yaUXShvjSRbu05zpERTuZKKjQ9w53HW1fV/vDKjQGZ5bHWhUkzGc:KguBQyaUkJdxKdUbKXwjzF
                                                                                                              MD5:0D4C25344365AF560C17E3EB7D649427
                                                                                                              SHA1:3D44C52059AD8ABEBAD9578179BA7E6DED2C55E7
                                                                                                              SHA-256:0672D29C4D7BBC087FE5ED4AAA8E2842E16D3947114DBB64EFA8613E106379F1
                                                                                                              SHA-512:AA91EC560C875914D1F085CF80EBED3A5B2668DFDA5DC3782861C13BAD598C82A0C4A919005053754BC44BE432627ECFE446DAE9D2DD4E00FD861F0333CA8D78
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):146
                                                                                                              Entropy (8bit):4.983767070197417
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:vFWWMNHUz/cIMOodBQV7VKXRAmIRMNHjFHr0lUfEyhTRLe86AEDDQIMOov:TMV0kInV7VQ7VJdfEyFRLehAqDQIm
                                                                                                              MD5:05BD64DBD44CF1C95236670D3842562F
                                                                                                              SHA1:824B16AD66771809D9BB32001875AA3C372C7C9C
                                                                                                              SHA-256:40859DA4B6DE7510504DD13877345D92B4DF66EA09C6C4F4E72C7AE3610974AA
                                                                                                              SHA-512:85FD03363DCDEF8B2A45C74605E0009249ADCA8BEABE06CBB90F6B1B00761C02B6BEB02B8BBD3DDC6965E98CEA820D5023705584D5B7DA5CD2FA3CB9AAF66E9D
                                                                                                              Malicious:false
                                                                                                              Preview:<?xml version="1.0"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1"/></startup></configuration>..
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):5364336
                                                                                                              Entropy (8bit):6.803295159333163
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:98304:EBDD78pFjrWkS2vQHbajE/OvLenj9QG96rDcmdD:+DQnjrWkS24Hbajcfj9c4q
                                                                                                              MD5:206E87E60FE774EC5A94EB99B8B2B070
                                                                                                              SHA1:BD463F6584F263B85B656C58AFBB1D7AF14975DE
                                                                                                              SHA-256:EFFC0165FADBCDC21A9C3C000922CB98A293398486A24E50A70789F257CF9F20
                                                                                                              SHA-512:72E9FC83E77BD9E69AEC91CB836CACEC0C7A20B04A8EB02F7698DF16A3AC095BF972BCBE4F1AA85D17E00C6FA703D87763C328E7D1F717DF4B8F2C1BC21107C1
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):6427248
                                                                                                              Entropy (8bit):6.617744849493833
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:98304:fd+J+bYZD4OdDcJW7+6vABZvzYMflMs0fRu:VsuM46cJWdvAvvPdd+u
                                                                                                              MD5:9EA16A6444682CE6BC5A12433EB47453
                                                                                                              SHA1:893F4F4E1498CB641B85368D7203B2BFE0A5B658
                                                                                                              SHA-256:1ACE7C7705205DD8B5933C0A76827177912AD3201F5448425B11BD897BB92CC2
                                                                                                              SHA-512:C4B0BADCA6B592D07D2DC883B2DB37EED1548A8F69117EE9CA6EB640419FABB12D62F5A59D752001F2090997F69FFE07D8651E0D57B9335CCB520D5C455FD56D
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):3430
                                                                                                              Entropy (8bit):3.577875788113156
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:yei1q97/qlLaq4i77cMUF39Qg9c9V9Lvara+iaiusupRCRf9ufAuRa7T5XhPsV8n:t2ll4i77h4iGdiaipV9ll7dhFF6+
                                                                                                              MD5:9E02EAF2592DE18E8058FD254C89FAD5
                                                                                                              SHA1:EB5FCE36FC938929D27348CA9B0040CFED0FF8B4
                                                                                                              SHA-256:870D3C739BEB158446DEEED2B5C92854C2726A92B3294F0C07C52AE65CD51ED1
                                                                                                              SHA-512:5C82E7D21BA6D828EED7BF9F313C864AB59DE695DF4B62D31DD2CCB838B60E65C7EEAB56606CBBBE8FBB11A4D70ED42D1D10F3EA9834B5203BBD5B6067648226
                                                                                                              Malicious:true
                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.T.a.s.k. .v.e.r.s.i.o.n.=.".1...2.". .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n.d.o.w.s./.2.0.0.4./.0.2./.m.i.t./.t.a.s.k.".>..... . .<.R.e.g.i.s.t.r.a.t.i.o.n.I.n.f.o.>..... . . . .<.D.a.t.e.>.2.0.2.0.-.1.1.-.0.4.T.1.1.:.5.9.:.4.6.<./.D.a.t.e.>..... . . . .<.A.u.t.h.o.r.>.W.i.l.d.i.x. .s...r...l...<./.A.u.t.h.o.r.>..... . . . .<.U.R.I.>.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e. .u.p.d.a.t.e. .c.h.e.c.k.e.r.<./.U.R.I.>..... . .<./.R.e.g.i.s.t.r.a.t.i.o.n.I.n.f.o.>..... . .<.T.r.i.g.g.e.r.s.>..... . . . .<.C.a.l.e.n.d.a.r.T.r.i.g.g.e.r.>..... . . . . . .<.S.t.a.r.t.B.o.u.n.d.a.r.y.>.2.0.2.0.-.1.1.-.0.4.T.0.1.:.0.0.:.0.0.<./.S.t.a.r.t.B.o.u.n.d.a.r.y.>..... . . . . . .<.E.n.a.b.l.e.d.>.t.r.u.e.<./.E.n.a.b.l.e.d.>..... . . . . . .<.R.a.n.d.o.m.D.e.l.a.y.>.P.T.5.H.<./.R.a.n.d.o.m.D.e.l.a.y.>..... . . . . . .<.S.c.h.e.d.u.l.e.B.y.D.a.y.>..... . . . . . . . .<.D.a.y.s.I.n.t.e.r.
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):5319784
                                                                                                              Entropy (8bit):6.624489203238988
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:49152:IDTNbgZbsK5pM9TJFppvgKnkt21tgJEyacq0+W3Ua+zxn1OqH:YJbNFF/gV/17sOA
                                                                                                              MD5:1529A91171C5E94E3053B933E4244417
                                                                                                              SHA1:1E7340E648898F396E39F86A5CC37AD396FD4918
                                                                                                              SHA-256:9CC8F2C258EE3E9A0B15D6F289B27EA96992ADBAB92428A04BAE0A258FAF78BD
                                                                                                              SHA-512:3FB39B3B3620B818FFD28932855E397F3EF5AD151CE396A4A650823F711065F49709013D6DED8268A7A29FFD989C372F4AE3C2CAAA7F5D51124E2A39AF05ACFC
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):23812
                                                                                                              Entropy (8bit):5.102231290969022
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                              MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                              SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                              SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                              SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                              Malicious:false
                                                                                                              Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14362
                                                                                                              Entropy (8bit):4.18034476253744
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                              MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                              SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                              SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                              SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                              Malicious:false
                                                                                                              Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):59116
                                                                                                              Entropy (8bit):5.051886370413466
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                              MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                              SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                              SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                              SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                              Malicious:false
                                                                                                              Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2278
                                                                                                              Entropy (8bit):4.581866117244519
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                              MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                              SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                              SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                              SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                              Malicious:false
                                                                                                              Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):532080
                                                                                                              Entropy (8bit):6.370246167881384
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:/TIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTz5w:/UJ/Cq2IT/PiP4dapV7LDtw
                                                                                                              MD5:1D574CE34B4086B8440B578497E4BAC6
                                                                                                              SHA1:F7C55619F693CC6465B8B877C2F9E533CB84712C
                                                                                                              SHA-256:BDCADB517FDB16078F999701B3A59CA75687CDE474F9770DF2E86AE41F9E962A
                                                                                                              SHA-512:FB1B70C392A1E292C181C3EB4C072BD56FFFAA6674025FEB86EBDC772C98CC443D8DFC7325C84E19CB41269303D8C583A44841F938F03CC517DD25E68359560F
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:MS Windows 3.1 help, Tue Apr 17 13:11:56 2001, 21225 bytes
                                                                                                              Category:dropped
                                                                                                              Size (bytes):21225
                                                                                                              Entropy (8bit):3.9923245636306675
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:g8qo9MqLEGX9WkaNWvbAsmrEGckkwy95/HLQdu:g8rMqLwkW8AsqEHkkwy7N
                                                                                                              MD5:6798F64959C913673BD66CD4E47F4A65
                                                                                                              SHA1:C50FAA64C8267AC7106401E69DA5C15FC3F2034C
                                                                                                              SHA-256:0C02B226BE4E7397F8C98799E58B0A512515E462CCDAAC04EDC10E3E1091C011
                                                                                                              SHA-512:8D208306B6D0F892A2F16F8070A89D8EDB968589896CB70CF46F43BF4BEFB7C4CA6A278C35FE8A2685CC784505EFB77C32B0AABF80D13BCC0D10A39AE8AFB55A
                                                                                                              Malicious:false
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):919664
                                                                                                              Entropy (8bit):5.991555850090375
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:uH0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+Zo:u7Hdv3DyfhP2QgYPwo3ArVo
                                                                                                              MD5:816DDBD6F052DEBFCE5B7EEAE4E789FD
                                                                                                              SHA1:1DFD070CAE07E271233AF20236831DC58B3BADB6
                                                                                                              SHA-256:727FFB5B2BF5BDFFFBD090FD83911F731BB6776571ED1377F2139899709C51F0
                                                                                                              SHA-512:6A02DA315AD7E886FDC4C43C0F63409A41735FB409F144DAA04422648E45FA9E7A523CF326612412C96D3E03D451F10A2BDFEB2B6BCAD7A6D8DC474281A5978D
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):856688
                                                                                                              Entropy (8bit):5.596774833480957
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:r9aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinL2U:paBEGbL4Np84TQazCSiR2U
                                                                                                              MD5:A64216C3C9E82E1C6D0B5CD8020D3ABD
                                                                                                              SHA1:5FC65E59EEEE9C5F1682E4EDB4C5D9EF69FCED88
                                                                                                              SHA-256:56DA81C0EABE8505A96A41BA69A3DB13F30E247C39B1393CFE65C9578E47A9EC
                                                                                                              SHA-512:079CFACC36CF4EA6E24A61B539C1A2EBC04DAE2AC93FE8EC372FA5E8934C9F93BEBC4C47188E7EC95D306ACB0E8A2C3FA2AC8605A378F30AD8C634B457168B83
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):7996
                                                                                                              Entropy (8bit):5.128824009655858
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                              MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                              SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                              SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                              SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                              Malicious:false
                                                                                                              Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):940144
                                                                                                              Entropy (8bit):6.458898363798956
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:5pcIN4eGbIp0dMAonEWorRdvfd+Xu6VrZUcu2jRwzjeL7i8XVbsT3zpf3ygLuITz:5pv2OrkeL+8U3zpvyOuARXwo1
                                                                                                              MD5:1DED360B71C4C83EB10B0C08B6597C9E
                                                                                                              SHA1:80CC899D7CC2483B01185CD528210A399C76DBDD
                                                                                                              SHA-256:D9B43DF509EE41A62E74241A541723E309FA5A4470E3132E7DD2C54314DF4E2D
                                                                                                              SHA-512:45616968A18B7789F9256CFD7E2023D6644A34B5F29ADF138E058BBDCDC2231FA3DC37DD28796F85AB1D63E60F9E9C8C010AEE162DAC9031B0E605C463966A78
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):306752
                                                                                                              Entropy (8bit):6.141499008290493
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:pgwRUnZJgqtQ4pVbo2Vpm0Uf0iTVeZz7YN5Aq6B0O7G36cPQ6ONU0lOXbu:CzZD0X15Yv8Oq6B0OgPfOy0lKu
                                                                                                              MD5:4F95ADAFA7E0E034EDF87B2BFDC4CDFA
                                                                                                              SHA1:E6422B41682E01BAFC3D36B20F5113F8691D83EA
                                                                                                              SHA-256:45EEC2C2BC825849E9EA8DAC2F2E6EB76353DB498EE74788CDAB82BC7F42625B
                                                                                                              SHA-512:BAB4849A4E5BEC7895CA657C2E642D926DB897987B73E9B615F3C7C35EB58AB0E3E17D7F3EFE4A88382052C0E14F32082804EBC4744724CA4755A9C336500125
                                                                                                              Malicious:false
                                                                                                              Preview:CSR-dfu2..0.....signed stack+app ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................2C.......@...................
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):894220
                                                                                                              Entropy (8bit):6.412259430484631
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:byUN9kmRr6Ps+2GfGshqM6LcX95Efz4F0BOU0H3Y4G3GUrBxK8Xzg02/HxKJT:Dr1E+JMycX95EfzD0fexBxK8jX+wx
                                                                                                              MD5:F80C203D2184BE4E9CDA039C517F1556
                                                                                                              SHA1:2FE1E31B80688B88DEF0CF9AD1193C5D41C2645F
                                                                                                              SHA-256:F40F0499B23D21C2C24DB452A5482DBD36957935F593DD4D60935DE2550B1EEB
                                                                                                              SHA-512:A0F7A12F2A600A7796678E1C279D04A88FFF4118A9B4372719E5A1FB674D5EECA993548EEA79C376AB1D872EB6ECD2D8F87C7898C96E11842190EFDF0FCE0040
                                                                                                              Malicious:false
                                                                                                              Preview:CSR-dfu2........signed stack+app ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................2G...N.......................
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):72304
                                                                                                              Entropy (8bit):5.55290876998526
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:Pm17Ztk6tdWavOgwfMwob8tOb6K1L7S1Un:PK7HkQvOgwfT9Sb1fS2n
                                                                                                              MD5:1340C9F8BF2A24074FF43CB663983AC4
                                                                                                              SHA1:3BCF98D2D6FDA3A5BA47BF37F8B462E5683E0BD2
                                                                                                              SHA-256:ED2448275402FD4F4F945B121B386168F0F40DDC09B33CEA0D2C42ABB1C78AE4
                                                                                                              SHA-512:A0022237AA0211659609CF0F2188530C141ED5B7AF994A3A27CACAB6DE71D3D81863DF3E6AEB8661E5A593403439668DF9EAFDB7F0814364960ACC0FF135ECE9
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):24688
                                                                                                              Entropy (8bit):6.923218305340772
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:CjEds+4wmIm0eAk582ADib6MIysSoQuSE:RdifnX8tOb6MI1L7SE
                                                                                                              MD5:50F7B26074413150020CBBC07323B58D
                                                                                                              SHA1:35AD00A36CF8DBC90E6E38931E6EA14C02BF1440
                                                                                                              SHA-256:683D0127506E21F29F8F3CB51ED6955B39832D19BFADFC0E845AFD58C5738799
                                                                                                              SHA-512:659A23E20AAA062D176AC982A50CFE46B247C13F0F8B05C8F41B8DB0F7637A4102AF79DC4DCEFA0B7890E1DA4DD87E63510634464FDAB4EFF0538AFDEE9845AE
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):490096
                                                                                                              Entropy (8bit):6.084433322393528
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:N6KTZsHDwx0TCAQpFTfnPyFVrCqq/KrnahQ+Nnq0B/aNOjMQpynpPQ:rsHDG0TM6sKGhQ2nq0iQUY
                                                                                                              MD5:A7AF473BDC6493C11CE071B11E324E5A
                                                                                                              SHA1:2788D07F0D5CB3C56E845905A5669603F37159A6
                                                                                                              SHA-256:566DC91237523877C6D5ACA8B5B5E7145937982A5409C78F148E18390DDDE069
                                                                                                              SHA-512:18293FD7C26E00490AACBF0DEBC8A1E05C6734E0546A8F12C3EE8067D232CEAC77DF269237736A956741B4D350852EF33F909600C77B4FE8392F802AB8974840
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):559728
                                                                                                              Entropy (8bit):6.452474379327697
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:XZY4lOHMwLwXBt+iaKst/Ua/hUgiW6QR7t5j3Ooc8NHkC2eWzp:XZY4lOHMM8wifstjj3Ooc8NHkC2eep
                                                                                                              MD5:E353CFB37F8EBCAA044FEF89AD1B59F3
                                                                                                              SHA1:F751BB2E7ED3DF10EADC73A780798C94D2EC10D8
                                                                                                              SHA-256:81EEFF257350C01742D16971501A54755A97DD441FF91E912958F068C1763448
                                                                                                              SHA-512:6D6CFE50E3DC87D45F25000FC992ACD3CF564A5CC928FFA3BEB99E799F528618174DE042EDCB31A73AA736CE69159A690B8D532CA1134D11134AA85F06293FE5
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):637552
                                                                                                              Entropy (8bit):6.8685472952194955
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:fxzh9hH5RVKTp0G+vphr46CIFt0yZmGyYG/q:fph9hHzVKOpRFHmGyY2q
                                                                                                              MD5:D0DE1837CAAEDD6D0EB2E7DFE3A16601
                                                                                                              SHA1:FF8729A83E98CA5DFC09C8BE65FCE9C45DB536A2
                                                                                                              SHA-256:B6C7F4CB86FFA0CB076C55D659F390DF2F62A6D3FA5A896281A43E6109F77DEB
                                                                                                              SHA-512:44C02013F4D5569F35E89C783BCC2B14C3F79FE61011656FE15B57846E99343F404C3057A006D45B83678DCFBAE269E9555D6A946A355CC47D24E5AD00F33AB3
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):701552
                                                                                                              Entropy (8bit):6.836069284857721
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:th1wtmDyLuDTFn3nLjTwDFbT82hs8mVY/P3WaNi6nS4zAEgMWPznF9SHaneX:n1wtmDyLghn3nLjYFbIv8d/fs6S4zA/u
                                                                                                              MD5:E14902AD1CF232867326AF9C91830B51
                                                                                                              SHA1:772FF493E1DD52B4B9399841E7DF7FCADFDD2A26
                                                                                                              SHA-256:DA7C567F81C6E5206858B9C3AD844950CE804CD42FD26823A862D6C8D413A558
                                                                                                              SHA-512:0DBB5438D6B448283ED379793DB205FC2E481144BC5BE6D91A54B1F9912E5C813341ED1AB53DDDD6715A64085A3FFA9BF97A07CADBE64E7228F142CE8182C0E6
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Tue Dec 31 14:42:44 2024, mtime=Mon Jan 13 15:17:45 2025, atime=Tue Dec 31 14:42:44 2024, length=16788080, window=hide
                                                                                                              Category:dropped
                                                                                                              Size (bytes):928
                                                                                                              Entropy (8bit):4.616691771300894
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:8XC0YXcTh98DbdpF442iuEUaAyqO/vr/Gp/jA73lPDRbbdpo87D7DD7VmV:8idgyqO7SAxBd73LVm
                                                                                                              MD5:B471867C319F8EC7B3FC87EFF8F685D2
                                                                                                              SHA1:29263BAD5E151F6750C53740789EFE93659CBBD5
                                                                                                              SHA-256:B3EFE1E6B4589924F13799C5B3DCFDA6CB69C640C965987100F3436674F9504A
                                                                                                              SHA-512:C01EFCFBC6324CEDB06E52407A09487045EB5751D90F732B865AE847B3FBD428F6CAEBC1290277794C0C2840CDF0DFC4DB9D8929B9831C9E9596B5BFB42F0648
                                                                                                              Malicious:false
                                                                                                              Preview:L..................F.... ........[..5.4..e.......[..p*...........................P.O. .:i.....+00.../C:\.....................1.....-Z....PROGRA~1..t......O.I-Z......B...............J.......\.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....-Z....Wildix..>......-Z..-Z......'.......................\.W.i.l.d.i.x.....\.1.....-Z4...WISERV~1..D......-Z..-Z4.....(.....................+*@.W.I.S.e.r.v.i.c.e.....h.2.p*...YV} .WISERV~1.EXE..L......YV}-Z......h.........................w.i.s.e.r.v.i.c.e...e.x.e.......^...............-.......]...................C:\Program Files\Wildix\WIService\wiservice.exe......\.w.i.s.e.r.v.i.c.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e...-.-.p.r.o.x.y.e.x.`.......X.......124406...........hT..CrF.f4... ...j......+...E...hT..CrF.f4... ...j......+...E..E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3039004, page size 1024, file counter 3247, database pages 22038, cookie 0x1c6, schema 4, UTF-8, version-valid-for 3247
                                                                                                              Category:dropped
                                                                                                              Size (bytes):22566912
                                                                                                              Entropy (8bit):6.156856755685782
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:49152:LweRjXxSuAId92j0CeSg0np8atm8SsANGC1KuD1+U68rNMgT9A4VMD5uuTopBtlw:DyhI8GUp8atPOG6VhvcgIHRH
                                                                                                              MD5:3241A121BCF26F5E8B36663E3056B2CA
                                                                                                              SHA1:FAF689142817E79961EE45D61D40EF0204488D89
                                                                                                              SHA-256:DE37FC1A3B827F05BFF563D523CBA8007272462C24C9C1939F9B1FD13F789088
                                                                                                              SHA-512:03530AE86E5342FF84494BEF17EEDE041D918A0193357711076649493B9020A5729CCF0737BD226B8A32ED7D88E342316050DEE9C8CD13A3AE281C2B7FE2C562
                                                                                                              Malicious:false
                                                                                                              Preview:SQLite format 3......@ ......V..................................................................._...........V.............................................................................................................................................>.......StableFILTERSFILTERS.CREATE TABLE FILTERS (...ID BIGINT NOT NULL,...NAME VARCHAR(128) NOT NULL,...DESCRIPTION CLOB(2147483647),...STATE CLOB(2147483647) NOT NULL,...PRIMARY KEY (ID)..)-...A...indexsqlite_autoindex_FILTERS_1FILTERS.........w...##..5tableEVENTS_TAGSEVENTS_TAGS.CREATE TABLE EVENTS_TAGS (...EVENT_ID INTEGER NOT NULL,...TAG_ID INTEGER NOT NULL..).n...%%...tableEVENTS_STATSEVENTS_STATS.CREATE TABLE EVENTS_STATS (...ID INTEGER NOT NULL,...DAY INTEGER NOT NULL,...DATE DATE NOT NULL,...MIN_ID INTEGER NOT NULL,...MAX_ID INTEGER NOT NULL,...COMPLETE TINYINT NOT NULL,...PRIMARY KEY (ID)..). ........tableCLASSESCLASSES.CREATE TABLE CLASSES (...ID INTEGER NOT NULL,...NAME VARCHAR(255) NOT NULL,...NAME_LOWER VARCHAR(2...86...+,.
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):261232
                                                                                                              Entropy (8bit):5.839129701085833
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:8LixO6zz8t4OXDegbQy058MP2pZrCmrrDse0ecdfF7b2gqEiyDvSmqtNlVusC51E:Dn8nDenoRXoJF3bqEiyzZ5m1FsgUNu1
                                                                                                              MD5:B43803E3279FAB53E4393FBBF40B1949
                                                                                                              SHA1:ACA0E59D227808534303708354D2FD4AA2B356DB
                                                                                                              SHA-256:2B2E4F436377B7770071FD387ABE01B9D7088214E43718C9827D82E4BEA31BE6
                                                                                                              SHA-512:ECFBB03CAC1203927A6E21267C8198A62B359CCCF2A3E0EF4D9AA3C0B0A075F43D0E6B7FFFE2E225A170ABBA122BC62FF38A8682E64886CEDDF6B0236CE325A8
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:MS Windows icon resource - 13 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):175221
                                                                                                              Entropy (8bit):3.6057445859805903
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:Fpznextut/yGjfT8nUa/XIHlbeA5yN6zHW156G6:vzeytxjQ9XA53HW15x6
                                                                                                              MD5:CE4C0FAC424ECDAFD490544CF10593B6
                                                                                                              SHA1:96B32682A928D5A9229B93586478A31E08B423F4
                                                                                                              SHA-256:A9BAE457E58D8BAB5FB10A3A6AE67D4453CECCECBE81C5AD066E86AAFD11A45A
                                                                                                              SHA-512:0F1BBF2C115CB9128594647FB9138B876E896B01CC86237EB00A695E38671955D718C4F9A712B4C0DD6CD40C99ABBC00B0442E5B192562B622EB3B9A660B228F
                                                                                                              Malicious:false
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:MS Windows icon resource - 13 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):99667
                                                                                                              Entropy (8bit):6.776502745804188
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:RcfWrQG1GFkTvQnKKjRCFpgqmKN5+x3pJY:ufct1GF9n6FKqmrx3pi
                                                                                                              MD5:8F898251C85EE83FE4CEF753AD127FEE
                                                                                                              SHA1:965419910C1929CF695C530456950616B85596C5
                                                                                                              SHA-256:31DEE18EA1C5E7723DB0C13C630517963E79930474B275322A0CDE686C5953B5
                                                                                                              SHA-512:4397158E3EBA45B7CD27E931F353D72042B154416036874824CC1469FA9D533C4E67B7ED81A0A9EDB480F667A9716AE999D54B3F36EA1375344BB0E944AC8102
                                                                                                              Malicious:false
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16788080
                                                                                                              Entropy (8bit):6.685932138686767
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:196608:cuNY9QWMli9PtASPB28MjMwKQLiUrqu3he/a86CDkG:cuCWi9PtxBzQLNR0a8/DkG
                                                                                                              MD5:D62710F3678538E483FFC7EA112D7F68
                                                                                                              SHA1:54212AF34D394BEF6620C2D2CBB874660EBBE523
                                                                                                              SHA-256:0F4903937AD02B65A212319365DE974F7B6529201343271B2E4CEC76A03522EB
                                                                                                              SHA-512:81CE8E21FB80EDD29CDCF890FF694D3D4FB5242B18EB7DDD882AC46978B259D27F636914A0F059556FBE9D8EA7A3103EDF1C6AC6300F81C2891EFBE90B3F6F43
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                              Category:dropped
                                                                                                              Size (bytes):207760
                                                                                                              Entropy (8bit):6.4085333829790425
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:4xJ/R9PV9qWAEWgX+RyhJs1DC0/R2eGHSWCICTDCqK79yUiG7F3kzudR1aw9M0TU:4n/R999qWAEWgX+RyhJsVC0/R2eGHSWU
                                                                                                              MD5:F214B5E008F3D23F4F01951247BAE991
                                                                                                              SHA1:DB7928B37992CD0635AB5FC1E89547C6BE813B55
                                                                                                              SHA-256:CED79B247B0C8DE449312B7CF5690E8E9DA968F22CC722DA70124BDF2A84C427
                                                                                                              SHA-512:FA5211DF2922ABC3C5091E2098DF5FAD9681E2CDC8A3287AEC49F8694B11B776A2001DED052995A34E5EF52B55A207E6069393DD9BAAEFB82CEFC98824BC7774
                                                                                                              Malicious:false
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Dec 31 14:43:18 2024, mtime=Mon Jan 13 15:17:39 2025, atime=Tue Dec 31 14:43:18 2024, length=162168, window=hide
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1955
                                                                                                              Entropy (8bit):3.422540654172799
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:8UdgyqODGm6SSEyAUhdahidVdahBufdahFPLVm:8UdEKGm8ERUhdahidVdahB2dahz
                                                                                                              MD5:37061F8B74567D5AE7B18BE0D996ABF4
                                                                                                              SHA1:CAD42BD63A053CD1F94D7140FD3352E5B94C19A0
                                                                                                              SHA-256:85558A503C3B408436798CDB2232104006FFDB3FC474299B2DDB3B3FCD565097
                                                                                                              SHA-512:2AC3FFA07B353663F5D8AD9B04145218E6C80B6D0E407A3117A7877C22E69A6039BBD708D4F3AD17601024B8C5A3CC143D61779FE03EAA4DDB462610754F21E4
                                                                                                              Malicious:false
                                                                                                              Preview:L..................F.@.. .....Y..[......e....Y..[..xy...........................P.O. .:i.....+00.../C:\.....................1.....-Z....PROGRA~1..t......O.I-Z......B...............J.......\.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....-Z....Wildix..>......-Z..-Z......'.......................\.W.i.l.d.i.x.....\.1.....-Z4...WISERV~1..D......-Z..-Z4.....(.....................+*@.W.I.S.e.r.v.i.c.e.....z.2.xy...Yi} .UNINST~1.EXE..^......Yi}-Z4..............................U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e.......g...............-.......f...................C:\Program Files\Wildix\WIService\UninstallWIService.exe..J.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.8.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.l.d.i.x.\.W.I.S.e.r.v.i.c.e.\.U.n.i.n.s.t.a.l.l.W.I.S.e.r.v.i.c.e...e.x.e...
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2742
                                                                                                              Entropy (8bit):5.194688974913175
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:k0BAR+viLR+gj2R+nRlzkGdzlfGQJGrXGCXiluo8S1+QGw3g5ePBzeDztNPDuzFm:TZcN/Dd0vrWCXNod3oePBUPDuLPGdPqg
                                                                                                              MD5:50F3E470FF3732B4731869B4639F8499
                                                                                                              SHA1:F0E150E5132875EBE7B8383EDDD05E7192133FCB
                                                                                                              SHA-256:863B330D67A4662AB3152A7A04C5FC787937B1A6824C0E0C3DD1A628CE30E773
                                                                                                              SHA-512:10001F7DFC61AF22B1AEAA77F10762DE8B6EC31CE4AA59140A687BBECBD268F0D4A14AD17E962B9E5B535FAEF4359EFB6622E1906DED4DC562B77F94630579D2
                                                                                                              Malicious:false
                                                                                                              Preview:13/01/2025 11:17:46.463169|00001|info |DispatcherServiceImpl.cpp:27 (main) ------------..13/01/2025 11:17:46.463169|00001|info |DispatcherServiceImpl.cpp:28 (main) WIService Dispatcher 3.19.1.1 (Dec 31 2024 15:38:51)..13/01/2025 11:17:46.463169|00001|info |UtilsInternal.cpp:37 (main) OS: Windows 10 Pro 10.0.19045 64bit..13/01/2025 11:17:46.463169|00001|info |UtilsInternal.cpp:38 (main) total memory: 8191 MiB..13/01/2025 11:17:46.463169|00001|info |UtilsInternal.cpp:39 (main) number of cpu threads: 4..13/01/2025 11:17:46.463169|00001|info |UtilsInternal.cpp:40 (main) cpu 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz x64..13/01/2025 11:17:46.463169|00001|info |DispatcherServiceImpl.cpp:30 (main) base dir: C:\Program Files\Wildix\WIService..13/01/2025 11:17:46.463169|00001|info |DispatcherServiceImpl.cpp:31 (main) writable dir: C:\ProgramData\Wildix\WIService..13/01/2025 11:17:46.463169|00001|info |DispatcherServiceImpl.cpp:32
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):56
                                                                                                              Entropy (8bit):4.355851127144314
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                                                              MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                                                              SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                                                              SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                                                              SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                                                              Malicious:false
                                                                                                              Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):56
                                                                                                              Entropy (8bit):4.355851127144314
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                                                              MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                                                              SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                                                              SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                                                              SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                                                              Malicious:false
                                                                                                              Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with very long lines (319), with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1834
                                                                                                              Entropy (8bit):5.320195890244271
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:lE3EbSEdEp5j5P6MnGivCXa9Kvl8SE7PmX9XzUPogvYPy/W+XzUPogy:c5FPLnlvCXa8vyHmX9oggvoYHoggy
                                                                                                              MD5:382586F5C489B67E379082474ADB34ED
                                                                                                              SHA1:7921716D538CF979A063EC3F5C985440695DBF45
                                                                                                              SHA-256:A05B8DAB3D3D32A8541C6A95068ACBE87BF082CA2C71714F5067E3C7ADC81835
                                                                                                              SHA-512:80446BA96945035C9688E47D1FAFF9E984EAF1634CE8D897189F429F060092DAF771FC14EFBC45EA76D34629980C0904059038D51A2EB5A74CBC6B9190398118
                                                                                                              Malicious:false
Preview:
13/01/2025 11:17:45.091795|00001|info |WinHostServiceImpl.hpp:26 (host_svc) ------------
13/01/2025 11:17:45.091795|00001|info |WinHostServiceImpl.hpp:27 (host_svc) WIService Svc 3.19.1.1
13/01/2025 11:17:45.091795|00001|info |WinHostServiceImpl.hpp:28 (host_svc) debugger is not attached
13/01/2025 11:17:45.091795|00001|info |WinHostServiceImpl.hpp:29 (host_svc) starting windows service host
13/01/2025 11:17:45.107423|00002|info |WinHostServiceImpl.hpp:57 (svc_main) starting service
13/01/2025 11:17:45.107423|00002|info |WinServiceImpl.cpp:16 (svc_main) killing all non userspace wiservices
13/01/2025 11:17:45.748040|00002|warn |WinServiceImpl.cpp:31 (svc_main) !WARNING! detected 1 system wiservices
13/01/2025 11:17:45.748040|00002|info |WinServiceImpl.cpp:33 (svc_main) killing wiservice 5472
13/01/2025 11:17:45.748040|00002|info |WinServiceImpl.cpp:110 (svc_main) service has been started
13/01/2025 1
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):630
                                                                                                              Entropy (8bit):4.9011976498870915
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:yBUPuxQItzAAmTuuBUPuxzwuvVkKRMa6fBqfuxzwuvVkKRMayPTBEuxzwuvVkKRo:yyyt0GuyBuNxUgBuNxkGBuNxLxy
                                                                                                              MD5:9111A696BEFC0E2619933794B223E96B
                                                                                                              SHA1:CDD02854DCA29B68973B48112F9A865EAAED1821
                                                                                                              SHA-256:9D6B0A2D3C1BECC66BC28DB4C9E4B48CB77C21ED987C1860E4086FECF57280E6
                                                                                                              SHA-512:6C7606FEB418EA0C98A66C409A046543BFBADA37BF2D853E434822282EEF23A83AE307480BD7ED1951233E48059019F99B50EAB37C1564E13BA4441FAC929817
                                                                                                              Malicious:false
Preview:
13/01/2025 11:17:42.292508|00001|info |Updater.cpp:32 (Updater) Starting updater... Update dir: C:\Program Files\Wildix\updates
13/01/2025 11:17:42.292508|00001|info |Updater.cpp:116 (Updater) Checking update data https://files.wildix.com/integrations/integrations.json
13/01/2025 11:17:43.386257|00001|info |Updater.cpp:116 (Updater) Checking update data https://files.wildix.com/integrations/applications.json
13/01/2025 11:17:44.792509|00001|info |Updater.cpp:116 (Updater) Checking update data https://files.wildix.com/integrations/x-beesNativeApp.json
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1990
                                                                                                              Entropy (8bit):5.152323629640057
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:N1g16Dc3zz1Ck1z2E7so11sGyFOyb1yl1W:v26Dc3FPvsqsFF9UXW
                                                                                                              MD5:82D915650913893ACD7116CD03F6C7AD
                                                                                                              SHA1:ACE039961C68DA3B1E36D66FEDFEB996D26737D1
                                                                                                              SHA-256:051F9E3B4EF774AECE5CF4FFEDD0E3D9BD5D7BCB801E16D76DCC4D7B228AE197
                                                                                                              SHA-512:87EA6EAD22E69FC460BC03B7ED1575D495E126541BD86E4825DEC69D181300FF89B3E17B6FB75E190B0CB0254247C0006B881797719F94CCC05B2B9BFFA98741
                                                                                                              Malicious:false
Preview:
13/01/2025 11:17:46.395174|00001|info |WatchdogServiceImpl.cpp:36 (main) ------------
13/01/2025 11:17:46.395174|00001|info |WatchdogServiceImpl.cpp:37 (main) WIService Watchdog 3.19.1.1 (Dec 31 2024 15:38:51)
13/01/2025 11:17:46.395174|00001|info |UtilsInternal.cpp:37 (main) OS: Windows 10 Pro 10.0.19045 64bit
13/01/2025 11:17:46.395174|00001|info |UtilsInternal.cpp:38 (main) total memory: 8191 MiB
13/01/2025 11:17:46.395174|00001|info |UtilsInternal.cpp:39 (main) number of cpu threads: 4
13/01/2025 11:17:46.410794|00001|info |UtilsInternal.cpp:40 (main) cpu 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz x64
13/01/2025 11:17:46.410794|00001|info |WatchdogServiceImpl.cpp:39 (main) base dir: C:\Program Files\Wildix\WIService
13/01/2025 11:17:46.410794|00001|info |WatchdogServiceImpl.cpp:40 (main) writable dir: C:\ProgramData\Wildix\WIService
13/01/2025 11:17:46.410794|00001|info |WatchdogServiceImpl.cpp:41
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):56
                                                                                                              Entropy (8bit):4.355851127144314
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                                                              MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                                                              SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                                                              SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                                                              SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                                                              Malicious:false
                                                                                                              Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):56
                                                                                                              Entropy (8bit):4.355851127144314
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:iX0p16O9JZvAJHf9KDH:00p4GsVKD
                                                                                                              MD5:EA39EA80736C86AA40E41378ACAFFB6B
                                                                                                              SHA1:4A42A50999D885944420260DAF8CF2B2AA6E2C45
                                                                                                              SHA-256:1E6CCA52C207785A095A5966D7187AC18F717AE87421EEB36680F926BE3EB1E7
                                                                                                              SHA-512:E866E0A1E8E967537BCC1F582916A6F43461CB30BFEDB03FCA9331E6A5CAADF137422038E544C140EB1BCFE4693FCCDE9E37C11190DF710F6B7E7462424535CC
                                                                                                              Malicious:false
                                                                                                              Preview:{. "garbage_lifespan_days": 30,. "log_level": "info".}
                                                                                                              Process:C:\Windows\System32\SIHClient.exe
                                                                                                              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 4761 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4761
                                                                                                              Entropy (8bit):7.945585251880973
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:6ZUpZsm0HwZ8FLSeXs+aiL9qcZ7KtlAD1GlNHgdkVI5F11AcNmwkVFzGz6ENhZC7:62T0QOLl8vAqcZ7K3AUNAdx5FAx9VEOj
                                                                                                              MD5:77B20B5CD41BC6BB475CCA3F91AE6E3C
                                                                                                              SHA1:9E98ACE72BD2AB931341427A856EF4CEA6FAF806
                                                                                                              SHA-256:5511A9B9F9144ED7BDE4CCB074733B7C564D918D2A8B10D391AFC6BE5B3B1509
                                                                                                              SHA-512:3537DA5E7F3ABA3DAFE6A86E9511ABA20B7A3D34F30AEA6CC11FEEF7768BD63C0C85679C49E99C3291BD1B552DED2C6973B6C2F7F6D731BCFACECAB218E72FD4
                                                                                                              Malicious:false
                                                                                                              Process:C:\Windows\System32\SIHClient.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):340
                                                                                                              Entropy (8bit):3.2141379750818904
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:kKH+C5+7DNfUN+SkQlPlEGYRMY9z+s3Ql2DUeXJlOW1:/+VLkPlE99SCQl2DUeXJlOA
                                                                                                              MD5:6EBC855C0E0FB7D992DA0E97C754C07A
                                                                                                              SHA1:6ED94E6362D2A836324EA51B69A51C050B9E64FB
                                                                                                              SHA-256:623BBA3C09B862871632C0D256C3E534E19CCCC5C9DB1D71C582E49F52D4AE38
                                                                                                              SHA-512:1F3482C1046B31C475348F48FAB156DDF0109EA58B3DA57068E89DC7B3BE79D89924F31297D79928697ECB3FCF7E4A5456AFF156CBAE16D929919B80CB94C91C
                                                                                                              Malicious:false
                                                                                                              Preview:p...... ........C..u.e..(....................................................... ........~..MG......&.....6.........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".0.6.c.f.c.c.5.4.d.4.7.d.b.1.:.0."...
                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):42
                                                                                                              Entropy (8bit):4.0050635535766075
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                                                              MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                                                              SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                                                              SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                                                              SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                                                              Malicious:false
                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):12288
                                                                                                              Entropy (8bit):5.814115788739565
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                                              MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                              SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                              SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                              SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PC bitmap, Windows 3.x format, 165 x 57 x 24, image size 28272, resolution 2835 x 2835 px/m, cbSize 28326, bits offset 54
                                                                                                              Category:dropped
                                                                                                              Size (bytes):28326
                                                                                                              Entropy (8bit):2.5710862958427496
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:R5ZzmIhanXqiRFlbiRoXt7m4ju119MiieiK35JW0U1JIhuauz3A:R5Zz5QX1FtiRytSEu9Miiq5JW9IhuBQ
                                                                                                              MD5:EE5DCD5040C0616D92FA8E7A3344D455
                                                                                                              SHA1:D2A13B9E9965C99E9637FFE0CFDC54A791B0944D
                                                                                                              SHA-256:DAA94974E168B4D92C281BA0B774390C9E052833926E22929CD5A4569A0ECB97
                                                                                                              SHA-512:23CB22368B444E00EE5EAC5D86427801312550A1ACDF5652756A88205A32E862D9D636877323AA6503DA660107305036AFE7E7C79B9586160362E50AD138DB68
                                                                                                              Malicious:false
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                                                                                                              Category:dropped
                                                                                                              Size (bytes):26494
                                                                                                              Entropy (8bit):1.9568109962493656
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
                                                                                                              MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                                                              SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                                                              SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                                                              SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                                                              Malicious:false
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):9728
                                                                                                              Entropy (8bit):5.158136237602734
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
                                                                                                              MD5:6C3F8C94D0727894D706940A8A980543
                                                                                                              SHA1:0D1BCAD901BE377F38D579AAFC0C41C0EF8DCEFD
                                                                                                              SHA-256:56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2
                                                                                                              SHA-512:2094F0E4BB7C806A5FF27F83A1D572A5512D979EEFDA3345BAFF27D2C89E828F68466D08C3CA250DA11B01FC0407A21743037C25E94FBE688566DD7DEAEBD355
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):7168
                                                                                                              Entropy (8bit):5.298362543684714
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW
                                                                                                              MD5:675C4948E1EFC929EDCABFE67148EDDD
                                                                                                              SHA1:F5BDD2C4329ED2732ECFE3423C3CC482606EB28E
                                                                                                              SHA-256:1076CA39C449ED1A968021B76EF31F22A5692DFAFEEA29460E8D970A63C59906
                                                                                                              SHA-512:61737021F86F54279D0A4E35DB0D0808E9A55D89784A31D597F2E4B65B7BBEEC99AA6C79D65258259130EEDA2E5B2820F4F1247777A3010F2DC53E30C612A683
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):55
                                                                                                              Entropy (8bit):4.435194258664517
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:BCZHuj+U5E4gn:BOViEh
                                                                                                              MD5:051341639D86D8F6ED75C5143E810ACF
                                                                                                              SHA1:E01CA0797BD388B11F4F8E37E31EBF126E7BDA5B
                                                                                                              SHA-256:96EABF2D7DC4CF16A46EEED8938817374F21B11146497CD6E143A314CCCBEA46
                                                                                                              SHA-512:AA5CDC9BC1FA49ECE540F04A44FD6F76F58EE00DF0FACB3C09D755926AA6959A346DD153CCB171D3C0B05F598B72F47C28C4FCE0910A0E31A695E95D46012027
                                                                                                              Malicious:false
                                                                                                              Preview:{. "log_str": "6e68ecc3-ce8d-467c-a030-7bccf662b386".}
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:JSON data
                                                                                                              Category:modified
                                                                                                              Size (bytes):55
                                                                                                              Entropy (8bit):4.435194258664517
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:BCZHuj+U5E4gn:BOViEh
                                                                                                              MD5:051341639D86D8F6ED75C5143E810ACF
                                                                                                              SHA1:E01CA0797BD388B11F4F8E37E31EBF126E7BDA5B
                                                                                                              SHA-256:96EABF2D7DC4CF16A46EEED8938817374F21B11146497CD6E143A314CCCBEA46
                                                                                                              SHA-512:AA5CDC9BC1FA49ECE540F04A44FD6F76F58EE00DF0FACB3C09D755926AA6959A346DD153CCB171D3C0B05F598B72F47C28C4FCE0910A0E31A695E95D46012027
                                                                                                              Malicious:false
                                                                                                              Preview:{. "log_str": "6e68ecc3-ce8d-467c-a030-7bccf662b386".}
                                                                                                              Process:C:\Windows\System32\SIHClient.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):12288
                                                                                                              Entropy (8bit):3.1705345048520748
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:Fz9sELJqDpubdz8Lvapf6r7bLc0E10ZS0x:Fh5LJqDpubdzwv+f6r7/c0E10ZS0x
                                                                                                              MD5:1D8CB3EF52487BB58FC3DC955B5CDDB7
                                                                                                              SHA1:6CEF0391CD75A12FFB1FBA6FE4548D18F99286E6
                                                                                                              SHA-256:7D2C628B7CEC4337BAFA2F620DD4EE7F58CC2C0ED5733BDCD1BFBF7D59B42D86
                                                                                                              SHA-512:3524F69F1489E5FF323FF917E49022882168AEDCDB1F9C2C9033E6050889FC8F508DC8B639FBB5DD0D19F0BBFB8BAEB31E4B3BC798B56C36494EC15F3D504010
                                                                                                              Malicious:false
                                                                                                              Process:C:\Windows\System32\SIHClient.exe
                                                                                                              File Type:Microsoft Cabinet archive data, single, 462 bytes, 1 file, at 0x44 +Utf "environment.xml", flags 0x4, ID 31944, number 1, extra bytes 20 in head, 1 datablock, 0x1 compression
                                                                                                              Category:dropped
                                                                                                              Size (bytes):17126
                                                                                                              Entropy (8bit):7.3117215578334935
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:D5X8WyNHDHFzqDHt8AxL5TKG+tJSdqnajapCNjFZYECUqY7oX9qhnJSdqnaja2Sl:qDlsHq4ThPdlmY9CUiqOdlm2W
                                                                                                              MD5:1B6460EE0273E97C251F7A67F49ACDB4
                                                                                                              SHA1:4A3FDFBB1865C3DAED996BDB5C634AA5164ABBB8
                                                                                                              SHA-256:3158032BAC1A6D278CCC2B7D91E2FBC9F01BEABF9C75D500A7F161E69F2C5F4A
                                                                                                              SHA-512:3D256D8AC917C6733BAB7CC4537A17D37810EFD690BCA0FA361CF44583476121C9BCCCD9C53994AE05E9F9DFF94FFAD1BB30C0F7AFF6DF68F73411703E3DF88A
                                                                                                              Malicious:false
                                                                                                              Process:C:\Windows\System32\SIHClient.exe
                                                                                                              File Type:Microsoft Cabinet archive data, single, 7826 bytes, 1 file, at 0x44 +Utf "environment.cab", flags 0x4, ID 53283, number 1, extra bytes 20 in head, 1 datablock, 0x1 compression
                                                                                                              Category:dropped
                                                                                                              Size (bytes):24490
                                                                                                              Entropy (8bit):7.629144636744632
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:iarwQcY8StpA7IQ6GCq30XPSIleI7lzCuqvfiSIleIx:iartHA7PCFP66Tqvfi6c
                                                                                                              MD5:ACD24F781C0C8F48A0BD86A0E9F2A154
                                                                                                              SHA1:93B2F4FBF96D15BE0766181AFACDB9FD9DD1B323
                                                                                                              SHA-256:5C0A296B3574D170D69C90B092611646FE8991B8D103D412499DBE7BFDCCCC49
                                                                                                              SHA-512:7B1D821CF1210947344FCF0F9C4927B42271669015DEA1C179B2BEAD9025941138C139C22C068CBD7219B853C80FA01A04E26790D8D76A38FB8BEBE20E0A2A4A
                                                                                                              Malicious:false
                                                                                                              Process:C:\Windows\System32\SIHClient.exe
                                                                                                              File Type:Microsoft Cabinet archive data, single, 858 bytes, 1 file, at 0x44 +Utf "environment.xml", flags 0x4, ID 12183, number 1, extra bytes 20 in head, 1 datablock, 0x1 compression
                                                                                                              Category:modified
                                                                                                              Size (bytes):19826
                                                                                                              Entropy (8bit):7.454351722487538
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:3j+naF6zsHqnltHNsAR9zCfsOCUPTNbZR9zOzD8K:z1F6JLts89zIdrFT9zwoK
                                                                                                              MD5:455385A0D5098033A4C17F7B85593E6A
                                                                                                              SHA1:E94CC93C84E9A3A99CAD3C2BD01BFD8829A3BCD6
                                                                                                              SHA-256:2798430E34DF443265228B6F510FC0CFAC333100194289ED0488D1D62C5367A7
                                                                                                              SHA-512:104FA2DAD10520D46EB537786868515683752665757824068383DC4B9C03121B79D9F519D8842878DB02C9630D1DFE2BBC6E4D7B08AFC820E813C250B735621A
                                                                                                              Malicious:false
                                                                                                              Process:C:\Windows\System32\SIHClient.exe
                                                                                                              File Type:Microsoft Cabinet archive data, single, 11149 bytes, 1 file, at 0x44 +Utf "environment.cab", flags 0x4, ID 18779, number 1, extra bytes 20 in head, 1 datablock, 0x1 compression
                                                                                                              Category:dropped
                                                                                                              Size (bytes):30005
                                                                                                              Entropy (8bit):7.7369400192915085
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:ouCAyCeQ8fkZdfTGo/its89z8gjP69zA4:Aqf56z8HzT
                                                                                                              MD5:4D7FE667BCB647FE9F2DA6FC8B95BDAE
                                                                                                              SHA1:B4B20C75C9AC2AD00D131E387BCB839F6FAAABCA
                                                                                                              SHA-256:BE273EA75322249FBF58C9CAD3C8DA5A70811837EF9064733E4F5FF1969D4078
                                                                                                              SHA-512:DDB8569A5A5F9AD3CCB990B0A723B64CEE4D49FA6515A8E5C029C1B9E2801F59259A0FC401E27372C133952E4C4840521419EF75895260FA22DFF91E0BE09C02
                                                                                                              Malicious:false
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF, LF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):857
                                                                                                              Entropy (8bit):4.712765723284222
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTto:vDZhyoZWM9rU5fFcr
                                                                                                              MD5:9AC77B45979A66F73EDB70B72908A616
                                                                                                              SHA1:8B22CFA695F10D31B8300C06790B728A4E209324
                                                                                                              SHA-256:A7777E702D4BEAD5529BFC2D026BFA2088BB64A5504DAFB57EF308CE92469E20
                                                                                                              SHA-512:C01644C1C13F7126ED455D76A63CD3CEEB314D74265256B07AC7120F6DA512B1B632D4F21167B9E8C7AD106F75D1F20809A7B129BE6871441F8F3FF6A390CFFF
                                                                                                              Malicious:true
                                                                                                              Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost...127.0.0.1..wildixintegration.eu.
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):7996
                                                                                                              Entropy (8bit):5.128824009655858
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                              MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                              SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                              SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                              SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                              Malicious:false
                                                                                                              Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):23812
                                                                                                              Entropy (8bit):5.102231290969022
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                              MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                              SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                              SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                              SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                              Malicious:false
                                                                                                              Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14362
                                                                                                              Entropy (8bit):4.18034476253744
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                              MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                              SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                              SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                              SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                              Malicious:false
                                                                                                              Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):59116
                                                                                                              Entropy (8bit):5.051886370413466
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                              MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                              SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                              SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                              SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                              Malicious:false
                                                                                                              Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2278
                                                                                                              Entropy (8bit):4.581866117244519
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                              MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                              SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                              SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                              SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                              Malicious:false
                                                                                                              Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):532080
                                                                                                              Entropy (8bit):6.370246167881384
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:/TIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTz5w:/UJ/Cq2IT/PiP4dapV7LDtw
                                                                                                              MD5:1D574CE34B4086B8440B578497E4BAC6
                                                                                                              SHA1:F7C55619F693CC6465B8B877C2F9E533CB84712C
                                                                                                              SHA-256:BDCADB517FDB16078F999701B3A59CA75687CDE474F9770DF2E86AE41F9E962A
                                                                                                              SHA-512:FB1B70C392A1E292C181C3EB4C072BD56FFFAA6674025FEB86EBDC772C98CC443D8DFC7325C84E19CB41269303D8C583A44841F938F03CC517DD25E68359560F
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):919664
                                                                                                              Entropy (8bit):5.991555850090375
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:uH0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+Zo:u7Hdv3DyfhP2QgYPwo3ArVo
                                                                                                              MD5:816DDBD6F052DEBFCE5B7EEAE4E789FD
                                                                                                              SHA1:1DFD070CAE07E271233AF20236831DC58B3BADB6
                                                                                                              SHA-256:727FFB5B2BF5BDFFFBD090FD83911F731BB6776571ED1377F2139899709C51F0
                                                                                                              SHA-512:6A02DA315AD7E886FDC4C43C0F63409A41735FB409F144DAA04422648E45FA9E7A523CF326612412C96D3E03D451F10A2BDFEB2B6BCAD7A6D8DC474281A5978D
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):856688
                                                                                                              Entropy (8bit):5.596774833480957
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:r9aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinL2U:paBEGbL4Np84TQazCSiR2U
                                                                                                              MD5:A64216C3C9E82E1C6D0B5CD8020D3ABD
                                                                                                              SHA1:5FC65E59EEEE9C5F1682E4EDB4C5D9EF69FCED88
                                                                                                              SHA-256:56DA81C0EABE8505A96A41BA69A3DB13F30E247C39B1393CFE65C9578E47A9EC
                                                                                                              SHA-512:079CFACC36CF4EA6E24A61B539C1A2EBC04DAE2AC93FE8EC372FA5E8934C9F93BEBC4C47188E7EC95D306ACB0E8A2C3FA2AC8605A378F30AD8C634B457168B83
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):19336
                                                                                                              Entropy (8bit):4.312180794862161
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:7mXKNT6+Y9QeSU83XGtzdHeQhlJqecM+Pu7HnjtoX2PSuNip:T6+LU832tzd+pnM+Pu7HGX2quNu
                                                                                                              MD5:42952F9CA5587C428EC9903387A02B8D
                                                                                                              SHA1:9522AEB7C2254FE643CB19C4E215AC05B1B6D638
                                                                                                              SHA-256:10F6033868215ACBD4715ED04D20A2F714D1BCA06B571D6A3BF4B1818D019E49
                                                                                                              SHA-512:19E61FF6D5CBE678F89926F753ADDE12054A2EAD8040A45B8AA8E13095A563BC514BBCB1E48624F8FE53AE064EBA51BAC716550D9028E2D9EFB2F8AF04BD2EC3
                                                                                                              Malicious:false
                                                                                                              Preview:.K.. DPGr...ta..I..)........................................z........... ...........................c.......@...J........$..4........)...........+..:........-...........-...........-...........-...........-...........6...........6...........6...........6...........6...........7...........WINNT_40.WINNT_50.WINNT_51.WINNT_60.PARSER_VER_1.0.C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.s.p.o.o.l.\.D.R.I.V.E.R.S.\.x.6.4.\.3.\.i.m.g.p.r.i.n.t...g.p.d...StdNames.gpdC.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.s.p.o.o.l.\.D.R.I.V.E.R.S.\.x.6.4.\.3.\.S.t.d.N.a.m.e.s...g.p.d...ORIENTATION_DISPLAY.PAPER_SIZE_DISPLAY.PAPER_SOURCE_DISPLAY.RESOLUTION_DISPLAY.MEDIA_TYPE_DISPLAY.TEXT_QUALITY_DISPLAY.COLOR_PRINTING_MODE_DISPLAY.PRINTER_MEMORY_DISPLAY.TWO_SIDED_PRINTING_DISPLAY.PAGE_PROTECTION_DISPLAY.HALFTONING_DISPLAY.OUTPUTBIN_DISPLAY.IMAGECONTROL_DISPLAY.PRINTDENSITY_DISPLAY.GRAPHICSMODE_DISPLAY.TEXTHALFTONE_DISPLAY.GRAPHICSHALFTONE_DISPLAY.PHOTOHALFTONE_DISPLAY.RCID_DMPAPER_SYSTEM_NAME.LETTER_DISPLAY.LETTERS
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):7996
                                                                                                              Entropy (8bit):5.128824009655858
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                              MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                              SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                              SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                              SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                              Malicious:false
                                                                                                              Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):23812
                                                                                                              Entropy (8bit):5.102231290969022
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                              MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                              SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                              SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                              SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                              Malicious:false
                                                                                                              Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14362
                                                                                                              Entropy (8bit):4.18034476253744
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                              MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                              SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                              SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                              SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                              Malicious:false
                                                                                                              Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):59116
                                                                                                              Entropy (8bit):5.051886370413466
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                              MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                              SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                              SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                              SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                              Malicious:false
                                                                                                              Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2278
                                                                                                              Entropy (8bit):4.581866117244519
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                              MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                              SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                              SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                              SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                              Malicious:false
                                                                                                              Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):532080
                                                                                                              Entropy (8bit):6.370246167881384
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:/TIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTz5w:/UJ/Cq2IT/PiP4dapV7LDtw
                                                                                                              MD5:1D574CE34B4086B8440B578497E4BAC6
                                                                                                              SHA1:F7C55619F693CC6465B8B877C2F9E533CB84712C
                                                                                                              SHA-256:BDCADB517FDB16078F999701B3A59CA75687CDE474F9770DF2E86AE41F9E962A
                                                                                                              SHA-512:FB1B70C392A1E292C181C3EB4C072BD56FFFAA6674025FEB86EBDC772C98CC443D8DFC7325C84E19CB41269303D8C583A44841F938F03CC517DD25E68359560F
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):919664
                                                                                                              Entropy (8bit):5.991555850090375
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:uH0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+Zo:u7Hdv3DyfhP2QgYPwo3ArVo
                                                                                                              MD5:816DDBD6F052DEBFCE5B7EEAE4E789FD
                                                                                                              SHA1:1DFD070CAE07E271233AF20236831DC58B3BADB6
                                                                                                              SHA-256:727FFB5B2BF5BDFFFBD090FD83911F731BB6776571ED1377F2139899709C51F0
                                                                                                              SHA-512:6A02DA315AD7E886FDC4C43C0F63409A41735FB409F144DAA04422648E45FA9E7A523CF326612412C96D3E03D451F10A2BDFEB2B6BCAD7A6D8DC474281A5978D
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):856688
                                                                                                              Entropy (8bit):5.596774833480957
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:r9aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinL2U:paBEGbL4Np84TQazCSiR2U
                                                                                                              MD5:A64216C3C9E82E1C6D0B5CD8020D3ABD
                                                                                                              SHA1:5FC65E59EEEE9C5F1682E4EDB4C5D9EF69FCED88
                                                                                                              SHA-256:56DA81C0EABE8505A96A41BA69A3DB13F30E247C39B1393CFE65C9578E47A9EC
                                                                                                              SHA-512:079CFACC36CF4EA6E24A61B539C1A2EBC04DAE2AC93FE8EC372FA5E8934C9F93BEBC4C47188E7EC95D306ACB0E8A2C3FA2AC8605A378F30AD8C634B457168B83
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):940144
                                                                                                              Entropy (8bit):6.458898363798956
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:5pcIN4eGbIp0dMAonEWorRdvfd+Xu6VrZUcu2jRwzjeL7i8XVbsT3zpf3ygLuITz:5pv2OrkeL+8U3zpvyOuARXwo1
                                                                                                              MD5:1DED360B71C4C83EB10B0C08B6597C9E
                                                                                                              SHA1:80CC899D7CC2483B01185CD528210A399C76DBDD
                                                                                                              SHA-256:D9B43DF509EE41A62E74241A541723E309FA5A4470E3132E7DD2C54314DF4E2D
                                                                                                              SHA-512:45616968A18B7789F9256CFD7E2023D6644A34B5F29ADF138E058BBDCDC2231FA3DC37DD28796F85AB1D63E60F9E9C8C010AEE162DAC9031B0E605C463966A78
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):7996
                                                                                                              Entropy (8bit):5.128824009655858
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:Iwr2yWGyAH155NpoEdyb76f8upG2sIkQTkpfpBnquMpBnqF5zqps2dXRSXjKMoy8:IHa1Hj7k2sI90mHmF52pbye9U/Prtk
                                                                                                              MD5:9CB68B693CDCDF5E9E5707E3CABCA7A7
                                                                                                              SHA1:29A5537387519BC14138F02C5355EAB2EB923AA3
                                                                                                              SHA-256:D79405A4F2A390407B78B1DC7FEEBE3A533EA9969F6066F5A12F189502D900F0
                                                                                                              SHA-512:765EDDDD3CE8995DC66AB5578462F12CD52007FDEBF3C6DE412BAF4C094E17FDB286BDEB0A6ECC6FE2347C0BB846F4D2A206DD78BC128111E84918F50B57E7F8
                                                                                                              Malicious:false
                                                                                                              Preview:*% ..*% ..*% ..*GPDSpecVersion: "1.0"..*GPDFileName: "imgprint.gpd"..*GPDFileVersion: "3.1.0" ..*Include: "StdNames.gpd"..*ModelName: "Wildix FaxPrinter"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 99......*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.. *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l0O".. }.. }.. *Option: LANDSCAPE_CC90.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.6.. *Cmd: "<1B>&l1O".. }.. }..}..*Feature: InputBin..{.. *rcNameID: =PAPER_SOURCE_DISPLAY.. *DefaultOption: MANUAL.. *Option: MANUAL.. {.. *rcNameID: =MANUAL_FEED_DISPLAY.. *Command: CmdSelect.. {.. *Order: DOC_SETUP.9.. *Cmd: "<1B>&l2H
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):23812
                                                                                                              Entropy (8bit):5.102231290969022
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:ILAp44CzsyQKElOR2x96a7zXql8wYNz6FkjzEgqgF6Lvztmm/jb5/R6B3VjMcBU0:ILAe40VxYJ7zvWrfZmujb5mVjlQrlGwI
                                                                                                              MD5:D46A5DFAB2AC1BB5BF39D4E256E3AB43
                                                                                                              SHA1:FD19097E89D882E5624E8822FF8D7518D104B31C
                                                                                                              SHA-256:0E93309B477971AD9D744FB1BB6AFDE1AF7D31223E90B5E8A4E5EA13CC5B8CD9
                                                                                                              SHA-512:FE6C5CD5DA0E045E9F823D34E393E158F56A3136966971F0D494092257956FBEA29ACC98E94B50AA785CF426DBACDAFFCC0B0F7872E7F63A2F270A174C0F4BCA
                                                                                                              Malicious:false
                                                                                                              Preview:*% stddtype.gdl - this file contains templates that define all MS standard datatypes..*% that appear in GPD and GDL files.....*PreCompiled: TRUE......*% ==================..*% ==== Macro Definitions ====..*% ==================....*Macros:..{.. LIST_OF_COMMAND_NAMES : (.. *%.. *% GENERAL.. *%.. *% the following are not enumerated here because they require.. *% the full Command structure. See Template: ORDERED_COMMAND.. *% and its descendants..... *% CmdSelect,.. *% CmdStartJob,.. *% CmdStartDoc,.. *% CmdStartPage,.. *% CmdEndPage,.. *% CmdEndDoc,.. *% CmdEndJob,.. *% CmdCopies,.. *% CmdSleepTimeOut,.... *%.. *% CURSOR CONTROL.. *%.. CmdXMoveAbsolute,.. CmdXMoveRelLeft,.. CmdXMoveRelRight,.. CmdYMoveAbsolute,.. CmdYMoveRelUp,.. CmdYMoveRelDown,.. CmdSetSimpleRotation,.. CmdSetAnyRotation,.. CmdUniDirec
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):14362
                                                                                                              Entropy (8bit):4.18034476253744
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:NcThm8JC986ITRCzEzEpYNwtd29u7ZTl8hF:xFzOnS7z0
                                                                                                              MD5:CD0BA5F62202298A6367E0E34CF5A37E
                                                                                                              SHA1:0507C7264281EFB362931DEB093308A5CC0F23A5
                                                                                                              SHA-256:B5E8E0C7339EF73F4DD20E2570EE2C79F06CA983F74D175DBE90C0319C70CE3A
                                                                                                              SHA-512:0DA97D886BBF6E06BDEF240B0CA32E80ED56140349902F2A58FCD00A95F85AEDEABB779CA99308DA39E995BDB7C179E2D7A0705643AF609EC7E05323964851F8
                                                                                                              Malicious:false
                                                                                                              Preview:*%%% Copyright (c) 1997-1999 Microsoft Corporation..*%%% value macros for standard feature names and standard option names..*%%% used in older Unidrv's.....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }..}....*Macros: StdFeatureNames..{.. ORIENTATION_DISPLAY: RESDLL.UniresDLL.11100.. PAPER_SIZE_DISPLAY: RESDLL.UniresDLL.11101.. PAPER_SOURCE_DISPLAY: RESDLL.UniresDLL.11102.. RESOLUTION_DISPLAY: RESDLL.UniresDLL.11103.. MEDIA_TYPE_DISPLAY: RESDLL.UniresDLL.11104.. TEXT_QUALITY_DISPLAY: RESDLL.UniresDLL.11105.. COLOR_PRINTING_MODE_DISPLAY: RESDLL.UniresDLL.11106.. PRINTER_MEMORY_DISPLAY: RESDLL.UniresDLL.11107.. TWO_SIDED_PRINTING_DISPLAY: RESDLL.UniresDLL.11108.. PAGE_PROTECTION_DISP
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):59116
                                                                                                              Entropy (8bit):5.051886370413466
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:UH8K0RGmALhTYi6AmdDsaCXmSsUN2xHXgutLSsy3o+ndhr54:UH8K0RGmAd58D+iLBHad4
                                                                                                              MD5:FC574EB0EAAF6A806F6488673154F91F
                                                                                                              SHA1:E10B44CF7082FE5BE23FB0C19AC792D4692F6388
                                                                                                              SHA-256:941E5318D8BBD747AFA98982C0354516079175ACD3D7485F327BCC384F4FCFB8
                                                                                                              SHA-512:A04CAC69A4DD4BD951CDC0F5186A3F589DA2EA40D667BE855F9E5AED12ECD9F7FC79FD624361C9563A07A5DCC1250CBD628BA27A0FAD78D599CD68540F9B4F45
                                                                                                              Malicious:false
                                                                                                              Preview:*% stdschem.gdl - this file contains templates that define all MS standard keywords..*% and constructs that appear in GPD and GDL files.....*PreCompiled: TRUE....*Include: "stddtype.gdl"......*% ==================..*% ==== Base Attributes ====..*% ==================........*Template: DISPLAY_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_CODEPAGE_STRING.. *Virtual: TRUE..}........*Template: ANSI_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_NORMAL_STRING.. *Virtual: TRUE..}....*Template: DEF_CP_STRING..{.. *Type: ATTRIBUTE.. *ValueType: GPD_DEFAULT_CODEPAGE_STRING.. *Virtual: TRUE..}....*% ==================..*% ==== Root Attributes ====..*% ==================....*Template: CODEPAGE..{.. *Name: "*CodePage".. *Type: ATTRIBUTE.. *ValueType: GPD_NONNEG_INTEGER..}....*Template: GPDSPECVERSION..{.. *Name: "*GPDSpecVersion".. *Inherits: ANSI_STRING..}....*Template: GPDFILEVERSION..{.. *Name: "*GPDFileVersion".. *Inhe
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2278
                                                                                                              Entropy (8bit):4.581866117244519
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:IO673u+3WSnMVfIPQMAPFq+AP3hM927Kc509OD8jQV0Ucn05NKYKd5NK3Kr59:IB7zmrAPMtc6927e9OQEV2EPSQg/
                                                                                                              MD5:932F57E78976810729855CD1B5CCD8EF
                                                                                                              SHA1:50D7145076D422C03B924DD16EA237AC9B822F0E
                                                                                                              SHA-256:3B9BE4E69B022DE9D0E30EDE70F292F3DF55AB7BE36F134BF2D37A7039937D19
                                                                                                              SHA-512:023848F6CE826EB040EA90C8319BBF1AC26E16B66BD9470E197B3A02DAE00AE9A177996E6B069F42BC54FBF28AE7F96CCC10CF331C13B54CCF12990311F30D73
                                                                                                              Malicious:false
                                                                                                              Preview:*% stdschx.gdl..*% this file defines the parts of the schema that are dependent on..*% preprocessor defines.....*% Since this header relies on passed in Preprocessor defines, it must not be PreCompiled...*PreCompiled: FALSE....*Include: "stdschem.gdl"....*Ifdef: WINNT_50.. *% and above .......*Template: PRINTRATEUNIT..{.. *Name: "*PrintRateUnit".. *Type: ATTRIBUTE.. *ValueType: EDT_PRINTRATEUNIT..}..*Template: PREDEFINED_PAPERSIZE_OPTION_2 *% Additional papersizes.. *% for NT5.0..{.. *Inherits: V_PREDEFINED_PAPERSIZE_OPTION.. *Instances: (.. DBL_JAPANESE_POSTCARD,.. A6,.. JENV_KAKU2,.. JENV_KAKU3,.. JENV_CHOU3,.. JENV_CHOU4,.. LETTER_ROTATED,.. A3_ROTATED,.. A4_ROTATED,.. A5_ROTATED,.. B4_JIS_ROTATED,.. B5_JIS_ROTATED,.. JAPANESE_POSTCARD_ROTATED,.. DBL_JAPANESE_POSTCARD_ROTATED,.. A6_ROTATED,.. JENV_KAKU2_ROTATED,.. JENV_KAKU3_ROTA
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):532080
                                                                                                              Entropy (8bit):6.370246167881384
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:/TIJ/Cq6XA1T9hPGhV9mid49b9spV7LDbTz5w:/UJ/Cq2IT/PiP4dapV7LDtw
                                                                                                              MD5:1D574CE34B4086B8440B578497E4BAC6
                                                                                                              SHA1:F7C55619F693CC6465B8B877C2F9E533CB84712C
                                                                                                              SHA-256:BDCADB517FDB16078F999701B3A59CA75687CDE474F9770DF2E86AE41F9E962A
                                                                                                              SHA-512:FB1B70C392A1E292C181C3EB4C072BD56FFFAA6674025FEB86EBDC772C98CC443D8DFC7325C84E19CB41269303D8C583A44841F938F03CC517DD25E68359560F
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):919664
                                                                                                              Entropy (8bit):5.991555850090375
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:uH0ARc8QCfjeDUr73Tx1yfhPXgFQ3Qe5w1lwAAwoTLARTsBqC+Zo:u7Hdv3DyfhP2QgYPwo3ArVo
                                                                                                              MD5:816DDBD6F052DEBFCE5B7EEAE4E789FD
                                                                                                              SHA1:1DFD070CAE07E271233AF20236831DC58B3BADB6
                                                                                                              SHA-256:727FFB5B2BF5BDFFFBD090FD83911F731BB6776571ED1377F2139899709C51F0
                                                                                                              SHA-512:6A02DA315AD7E886FDC4C43C0F63409A41735FB409F144DAA04422648E45FA9E7A523CF326612412C96D3E03D451F10A2BDFEB2B6BCAD7A6D8DC474281A5978D
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Process:C:\Windows\System32\spoolsv.exe
                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):856688
                                                                                                              Entropy (8bit):5.596774833480957
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:r9aBEoNh3bBPc/s4430ye84TF1dbua5TVhRre3kf8IKHgikinL2U:paBEGbL4Np84TQazCSiR2U
                                                                                                              MD5:A64216C3C9E82E1C6D0B5CD8020D3ABD
                                                                                                              SHA1:5FC65E59EEEE9C5F1682E4EDB4C5D9EF69FCED88
                                                                                                              SHA-256:56DA81C0EABE8505A96A41BA69A3DB13F30E247C39B1393CFE65C9578E47A9EC
                                                                                                              SHA-512:079CFACC36CF4EA6E24A61B539C1A2EBC04DAE2AC93FE8EC372FA5E8934C9F93BEBC4C47188E7EC95D306ACB0E8A2C3FA2AC8605A378F30AD8C634B457168B83
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                              Entropy (8bit):7.9950288299075
                                                                                                              TrID:
                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                              File name:3.19.1+SetupWIService.exe
                                                                                                              File size:25'539'800 bytes
                                                                                                              MD5:a7046c3136192e6e7b5180728b3b3b49
                                                                                                              SHA1:80c172f4b988b75b9078ecfe6a40d92f353b6c73
                                                                                                              SHA256:aedddd8ca924f5ff05651559d4b13895085af42b90ef304f9ea1d8d641a8fb21
                                                                                                              SHA512:ca3db1ee665ad577cd57ebb9ef066529990980cc7e09fc07314beda839a94ce1a39c532db308aabd856bc27418b522ea7b4c0019b81917920a30ef157f4a6f6a
                                                                                                              SSDEEP:786432:MfbPh8XVA26nyfuRtRGRQ5J9fvBAKBZH+DO:MfrhSZN+yRqJ9fpeDO
                                                                                                              TLSH:1D47338DA1115367D8714630E2264F5FB2AB71ACCA734CB34703742FCB53BA7A21B999
                                                                                                              Icon Hash:336cacadb2965513
                                                                                                              Entrypoint:0x40352d
                                                                                                              Entrypoint Section:.text
                                                                                                              Digitally signed:true
                                                                                                              Imagebase:0x400000
                                                                                                              Subsystem:windows gui
                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                              Time Stamp:0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC]
                                                                                                              TLS Callbacks:
                                                                                                              CLR (.Net) Version:
                                                                                                              OS Version Major:4
                                                                                                              OS Version Minor:0
                                                                                                              File Version Major:4
                                                                                                              File Version Minor:0
                                                                                                              Subsystem Version Major:4
                                                                                                              Subsystem Version Minor:0
                                                                                                              Import Hash:56a78d55f3f7af51443e58e0ce2fb5f6
                                                                                                              Signature Valid:true
                                                                                                              Signature Issuer:CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL
                                                                                                              Signature Validation Error:The operation completed successfully
                                                                                                              Error Number:0
Not Before | Not After
• 08/11/2024 08:02:16 | 08/11/2027 08:02:15
                                                                                                              Subject Chain
• CN=Wildix OÜ, O=Wildix OÜ, STREET="Laeva tn., 2", PostalCode=10111, L=Tallinn, S=Harju maakond, C=EE, SERIALNUMBER=12915667, OID.1.3.6.1.4.1.311.60.2.1.1=Tartu, OID.1.3.6.1.4.1.311.60.2.1.2=Tartu maakond, OID.1.3.6.1.4.1.311.60.2.1.3=EE, OID.2.5.4.15=Private Organization
                                                                                                              Version:3
                                                                                                              Thumbprint MD5:8D242122DFF67487607F2D0420C749C0
                                                                                                              Thumbprint SHA-1:2DA714C0EA5669329B9CB729381362B9741E2F0F
                                                                                                              Thumbprint SHA-256:BB6DCF27CB6D1C9AA885B52FEF8532723B899FC11E7527553389E40571B11117
                                                                                                              Serial:7625A04AF8C3CA38783A5126728CA6F5
                                                                                                              Instruction
                                                                                                              push ebp
                                                                                                              mov ebp, esp
                                                                                                              sub esp, 000003F4h
                                                                                                              push ebx
                                                                                                              push esi
                                                                                                              push edi
                                                                                                              push 00000020h
                                                                                                              pop edi
                                                                                                              xor ebx, ebx
                                                                                                              push 00008001h
                                                                                                              mov dword ptr [ebp-14h], ebx
                                                                                                              mov dword ptr [ebp-04h], 0040A2E0h
                                                                                                              mov dword ptr [ebp-10h], ebx
                                                                                                              call dword ptr [004080CCh]
                                                                                                              mov esi, dword ptr [004080D0h]
                                                                                                              lea eax, dword ptr [ebp-00000140h]
                                                                                                              push eax
                                                                                                              mov dword ptr [ebp-0000012Ch], ebx
                                                                                                              mov dword ptr [ebp-2Ch], ebx
                                                                                                              mov dword ptr [ebp-28h], ebx
                                                                                                              mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                                              call esi
                                                                                                              test eax, eax
                                                                                                              jne 00007F2E5122B07Ah
                                                                                                              lea eax, dword ptr [ebp-00000140h]
                                                                                                              mov dword ptr [ebp-00000140h], 00000114h
                                                                                                              push eax
                                                                                                              call esi
                                                                                                              mov ax, word ptr [ebp-0000012Ch]
                                                                                                              mov ecx, dword ptr [ebp-00000112h]
                                                                                                              sub ax, 00000053h
                                                                                                              add ecx, FFFFFFD0h
                                                                                                              neg ax
                                                                                                              sbb eax, eax
                                                                                                              mov byte ptr [ebp-26h], 00000004h
                                                                                                              not eax
                                                                                                              and eax, ecx
                                                                                                              mov word ptr [ebp-2Ch], ax
                                                                                                              cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                                              jnc 00007F2E5122B04Ah
                                                                                                              and word ptr [ebp-00000132h], 0000h
                                                                                                              mov eax, dword ptr [ebp-00000134h]
                                                                                                              movzx ecx, byte ptr [ebp-00000138h]
                                                                                                              mov dword ptr [00434FB8h], eax
                                                                                                              xor eax, eax
                                                                                                              mov ah, byte ptr [ebp-0000013Ch]
                                                                                                              movzx eax, ax
                                                                                                              or eax, ecx
                                                                                                              xor ecx, ecx
                                                                                                              mov ch, byte ptr [ebp-2Ch]
                                                                                                              movzx ecx, cx
                                                                                                              shl eax, 10h
                                                                                                              or eax, ecx
                                                                                                              Programming Language:
                                                                                                              • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x57000 | 0x191f8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1858a68 | 0x2a70 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6897 | 0x6a00 | ce9df19df15aa7bfbc0a8d0af0b841d0 | False | 0.6661261792452831 | data | 6.458398214928006 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x14a6 | 0x1600 | a118375c929d970903c1204233b7583d | False | 0.4392755681818182 | data | 5.024109281264143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x2b018 | 0x600 | 82a10c59a8679bb952fc8316070b8a6c | False | 0.521484375 | data | 4.15458210408643 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x36000 | 0x21000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x57000 | 0x191f8 | 0x19200 | ed1f2dbc21e812ed07baa21108fd923e | False | 0.703076414800995 | data | 6.749045274445358 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x57400 | 0xbc2d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 1.0004359288398066
RT_ICON | 0x63030 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.34671705243268774
RT_ICON | 0x67258 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.3989626556016598
RT_ICON | 0x69800 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6720 | English | United States | 0.43402366863905323
RT_ICON | 0x6b268 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.5145403377110694
RT_ICON | 0x6c310 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.6281982942430704
RT_ICON | 0x6d1b8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.5819672131147541
RT_ICON | 0x6db40 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.7518050541516246
RT_ICON | 0x6e3e8 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 | English | United States | 0.6302325581395349
RT_ICON | 0x6eaa0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.7427745664739884
RT_ICON | 0x6f008 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6586879432624113
RT_ICON | 0x6f470 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.46236559139784944
RT_ICON | 0x6f758 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5574324324324325
RT_DIALOG | 0x6f880 | 0x200 | data | English | United States | 0.3984375
RT_DIALOG | 0x6fa80 | 0xf8 | data | English | United States | 0.6290322580645161
RT_DIALOG | 0x6fb78 | 0xa0 | data | English | United States | 0.60625
RT_DIALOG | 0x6fc18 | 0xee | data | English | United States | 0.6302521008403361
RT_GROUP_ICON | 0x6fd08 | 0xbc | data | English | United States | 0.6595744680851063
RT_MANIFEST | 0x6fdc8 | 0x42e | XML 1.0 document, ASCII text, with very long lines (1070), with no line terminators | English | United States | 0.5130841121495328
DLL | Import
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 13, 2025 17:17:42.886490107 CET | 57387 | 53 | 192.168.2.10 | 1.1.1.1
Jan 13, 2025 17:17:42.904953957 CET | 53 | 57387 | 1.1.1.1 | 192.168.2.10
Jan 13, 2025 17:17:43.978245020 CET | 50017 | 53 | 192.168.2.10 | 1.1.1.1
Jan 13, 2025 17:17:43.996400118 CET | 53 | 50017 | 1.1.1.1 | 192.168.2.10
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 13, 2025 17:17:42.886490107 CET | 192.168.2.10 | 1.1.1.1 | 0xcac4 | Standard query (0) | files.wildix.com | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:43.978245020 CET | 192.168.2.10 | 1.1.1.1 | 0x1b6b | Standard query (0) | files.wildix.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 13, 2025 17:15:49.697524071 CET | 1.1.1.1 | 192.168.2.10 | 0x5831 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | azurefd-t-fb-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 13, 2025 17:15:49.697524071 CET | 1.1.1.1 | 192.168.2.10 | 0x5831 | No error (0) | dual.s-part-0017.t-0009.fb-t-msedge.net | s-part-0017.t-0009.fb-t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 13, 2025 17:15:49.697524071 CET | 1.1.1.1 | 192.168.2.10 | 0x5831 | No error (0) | s-part-0017.t-0009.fb-t-msedge.net | | 13.107.253.45 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:16:11.508891106 CET | 1.1.1.1 | 192.168.2.10 | 0x34a8 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:16:11.508891106 CET | 1.1.1.1 | 192.168.2.10 | 0x34a8 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:16:24.676074028 CET | 1.1.1.1 | 192.168.2.10 | 0xc9cb | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:16:24.676074028 CET | 1.1.1.1 | 192.168.2.10 | 0xc9cb | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:13.010514975 CET | 1.1.1.1 | 192.168.2.10 | 0xe40f | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.35 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:13.010514975 CET | 1.1.1.1 | 192.168.2.10 | 0xe40f | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.18 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:13.010514975 CET | 1.1.1.1 | 192.168.2.10 | 0xe40f | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.19 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:13.010514975 CET | 1.1.1.1 | 192.168.2.10 | 0xe40f | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.36 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:13.010514975 CET | 1.1.1.1 | 192.168.2.10 | 0xe40f | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 84.201.210.23 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:13.010514975 CET | 1.1.1.1 | 192.168.2.10 | 0xe40f | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 84.201.210.39 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:13.010514975 CET | 1.1.1.1 | 192.168.2.10 | 0xe40f | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.34 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:13.010514975 CET | 1.1.1.1 | 192.168.2.10 | 0xe40f | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.20 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:42.904953957 CET | 1.1.1.1 | 192.168.2.10 | 0xcac4 | No error (0) | files.wildix.com | | 18.173.205.52 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:42.904953957 CET | 1.1.1.1 | 192.168.2.10 | 0xcac4 | No error (0) | files.wildix.com | | 18.173.205.16 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:42.904953957 CET | 1.1.1.1 | 192.168.2.10 | 0xcac4 | No error (0) | files.wildix.com | | 18.173.205.94 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:42.904953957 CET | 1.1.1.1 | 192.168.2.10 | 0xcac4 | No error (0) | files.wildix.com | | 18.173.205.34 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:43.996400118 CET | 1.1.1.1 | 192.168.2.10 | 0x1b6b | No error (0) | files.wildix.com | | 18.173.205.94 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:43.996400118 CET | 1.1.1.1 | 192.168.2.10 | 0x1b6b | No error (0) | files.wildix.com | | 18.173.205.16 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:43.996400118 CET | 1.1.1.1 | 192.168.2.10 | 0x1b6b | No error (0) | files.wildix.com | | 18.173.205.52 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:43.996400118 CET | 1.1.1.1 | 192.168.2.10 | 0x1b6b | No error (0) | files.wildix.com | | 18.173.205.34 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:55.408935070 CET | 1.1.1.1 | 192.168.2.10 | 0x9968 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 17:17:55.408935070 CET | 1.1.1.1 | 192.168.2.10 | 0x9968 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                                                                                                              • files.wildix.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49985 | 18.173.205.52 | 443 | 5472 | C:\Program Files\Wildix\WIService\wiservice.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 16:17:43 UTC | 85 | OUT | GET /integrations/integrations.json HTTP/1.1
Host: files.wildix.com
Accept: */*
2025-01-13 16:17:43 UTC | 592 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 7975
Connection: close
Last-Modified: Fri, 10 Jan 2025 13:12:49 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-version: 166
x-amz-version-id: YjYDdyS796YepSojBKoWYASe.f0AG1.f
Accept-Ranges: bytes
Server: AmazonS3
Date: Mon, 13 Jan 2025 16:17:43 GMT
ETag: "113981b343e8f125f610c67c492e91ac"
X-Cache: Hit from cloudfront
Via: 1.1 1270eda8f49e8826b43258fcc9ef44d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P12
X-Amz-Cf-Id: oMoMa8BuOXxN-G2pdzgnEnf2B511S98q9mD9Nx8rZexC0R1bwjr68A==
Age: 23
Vary: Origin
2025-01-13 16:17:43 UTC | 7975 | IN | Data Ascii: { "version": 166, "integrations": { "browserext": { "name": { "en": "Browser extension", "en-us": "Browser extension", "it": "Estensione del browser", "de": "Browser-Erweiterung", "fr": "Extension pour


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49988 | 18.173.205.94 | 443 | 5472 | C:\Program Files\Wildix\WIService\wiservice.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 16:17:44 UTC | 85 | OUT | GET /integrations/applications.json HTTP/1.1
Host: files.wildix.com
Accept: */*
2025-01-13 16:17:45 UTC | 594 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 822
Connection: close
Last-Modified: Mon, 13 Jan 2025 08:19:46 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-version: 2.6.13
x-amz-version-id: 7kCJ.rjGctAcOmJOSd_GIC_6SAhaMG8l
Accept-Ranges: bytes
Server: AmazonS3
Date: Mon, 13 Jan 2025 16:17:44 GMT
ETag: "41d8375f1333cd4f91990479dac50a25"
X-Cache: Hit from cloudfront
Via: 1.1 506bffda4b1949c4425629ce0bdce052.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P12
X-Amz-Cf-Id: IP4SJq9Fpl-QAy9Y2hBbrZLnKLCQxO4syVD32tBRKDj_uh67NjyMFg==
Age: 23
Vary: Origin
2025-01-13 16:17:45 UTC | 822 | IN | Data Ascii: { "version": 7, "applications": { "collaboration": { "win": { "version": "2.6.13", "certId": "ff6018fd4b4d9ada7cdcdf664dda3c6bb710faa0808a68fa8eb711553a17efb7", "file": "win/colla


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49991 | 18.173.205.94 | 443 | 5472 | C:\Program Files\Wildix\WIService\wiservice.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 16:17:46 UTC | 88 | OUT | GET /integrations/x-beesNativeApp.json HTTP/1.1
                                                                                                              Host: files.wildix.com
                                                                                                              Accept: */*
2025-01-13 16:17:46 UTC | 595 | IN | HTTP/1.1 200 OK
                                                                                                              Content-Type: application/json
                                                                                                              Content-Length: 754
                                                                                                              Connection: close
                                                                                                              Last-Modified: Mon, 13 Jan 2025 08:52:17 GMT
                                                                                                              x-amz-server-side-encryption: AES256
                                                                                                              x-amz-meta-version: unknown
                                                                                                              x-amz-version-id: JG6OR3ehicxXzIxM0P8iWeMC.RUwqs4B
                                                                                                              Accept-Ranges: bytes
                                                                                                              Server: AmazonS3
                                                                                                              Date: Mon, 13 Jan 2025 16:17:46 GMT
                                                                                                              ETag: "f8f64583282ac9656d0e27a28af3a515"
                                                                                                              X-Cache: Hit from cloudfront
                                                                                                              Via: 1.1 24df21f8156a0df29febdf6c3e09e32c.cloudfront.net (CloudFront)
                                                                                                              X-Amz-Cf-Pop: FRA56-P12
                                                                                                              X-Amz-Cf-Id: nBzCk1QMdMKSXFN0PnQFdkyPHCmt76xObEY-S6NxdVpS6bhBLfzmQw==
                                                                                                              Age: 25
                                                                                                              Vary: Origin
2025-01-13 16:17:46 UTC | 754 | IN | Data Ascii: { "version": 12, "applications": { "x-bees": { "win": { "version": "0.5.23", "certId": "ff6018fd4b4d9ada7cdcdf664dda3c6bb710faa0808a68fa8eb711553a17efb7", "file": "win/x-be


                                                                                                              Target ID:0
                                                                                                              Start time:11:15:54
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Users\user\Desktop\3.19.1+SetupWIService.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\Desktop\3.19.1+SetupWIService.exe"
                                                                                                              Imagebase:0x400000
                                                                                                              File size:25'539'800 bytes
                                                                                                              MD5 hash:A7046C3136192E6E7B5180728B3B3B49
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:low
                                                                                                              Has exited:true

                                                                                                              Target ID:2
                                                                                                              Start time:11:15:55
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM WIService.exe
                                                                                                              Imagebase:0xd70000
                                                                                                              File size:236'544 bytes
                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:3
                                                                                                              Start time:11:15:55
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:4
                                                                                                              Start time:11:15:55
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM WIService.exe
                                                                                                              Imagebase:0xe60000
                                                                                                              File size:74'240 bytes
                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:5
                                                                                                              Start time:11:15:55
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM WIui.exe
                                                                                                              Imagebase:0xd70000
                                                                                                              File size:236'544 bytes
                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:6
                                                                                                              Start time:11:15:55
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:7
                                                                                                              Start time:11:15:55
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM WIui.exe
                                                                                                              Imagebase:0xe60000
                                                                                                              File size:74'240 bytes
                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:8
                                                                                                              Start time:11:15:56
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM wirtpproxy.exe
                                                                                                              Imagebase:0xd70000
                                                                                                              File size:236'544 bytes
                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:9
                                                                                                              Start time:11:15:56
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:10
                                                                                                              Start time:11:15:56
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM wirtpproxy.exe
                                                                                                              Imagebase:0xe60000
                                                                                                              File size:74'240 bytes
                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:11
                                                                                                              Start time:11:15:57
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM wiservice-ui.exe
                                                                                                              Imagebase:0xd70000
                                                                                                              File size:236'544 bytes
                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:12
                                                                                                              Start time:11:15:57
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:13
                                                                                                              Start time:11:15:57
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM wiservice-ui.exe
                                                                                                              Imagebase:0xe60000
                                                                                                              File size:74'240 bytes
                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:14
                                                                                                              Start time:11:15:57
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM vncsrv.exe
                                                                                                              Imagebase:0xd70000
                                                                                                              File size:236'544 bytes
                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:15
                                                                                                              Start time:11:15:57
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:16
                                                                                                              Start time:11:15:57
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM vncsrv.exe
                                                                                                              Imagebase:0xe60000
                                                                                                              File size:74'240 bytes
                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:17
                                                                                                              Start time:11:15:58
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM WildixOutlookIntegration.exe
                                                                                                              Imagebase:0xd70000
                                                                                                              File size:236'544 bytes
                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:18
                                                                                                              Start time:11:15:58
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:19
                                                                                                              Start time:11:15:58
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM WildixOutlookIntegration.exe
                                                                                                              Imagebase:0xe60000
                                                                                                              File size:74'240 bytes
                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:20
                                                                                                              Start time:11:15:58
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM WildixOutlookSync32.exe
                                                                                                              Imagebase:0xd70000
                                                                                                              File size:236'544 bytes
                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:21
                                                                                                              Start time:11:15:58
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:22
                                                                                                              Start time:11:15:58
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM WildixOutlookSync32.exe
                                                                                                              Imagebase:0xe60000
                                                                                                              File size:74'240 bytes
                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:23
                                                                                                              Start time:11:15:59
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd /C taskkill /F /IM WildixOutlookSync64.exe
                                                                                                              Imagebase:0xd70000
                                                                                                              File size:236'544 bytes
                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:24
                                                                                                              Start time:11:15:59
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:25
                                                                                                              Start time:11:15:59
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:taskkill /F /IM WildixOutlookSync64.exe
                                                                                                              Imagebase:0xe60000
                                                                                                              File size:74'240 bytes
                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:26
                                                                                                              Start time:11:16:04
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --install_faxprinter
                                                                                                              Imagebase:0x7ff6671d0000
                                                                                                              File size:16'788'080 bytes
                                                                                                              MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                              Has exited:true

                                                                                                              Target ID:27
                                                                                                              Start time:11:16:05
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\spoolsv.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\spoolsv.exe
                                                                                                              Imagebase:0x7ff66cef0000
                                                                                                              File size:842'752 bytes
                                                                                                              MD5 hash:0D4B1E3E4488E9BDC035F23E1F4FE22F
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:28
                                                                                                              Start time:11:16:05
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\dllhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                              Imagebase:0x7ff6f7fc0000
                                                                                                              File size:21'312 bytes
                                                                                                              MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:29
                                                                                                              Start time:11:16:06
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\spoolsv.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\spoolsv.exe
                                                                                                              Imagebase:0x7ff66cef0000
                                                                                                              File size:842'752 bytes
                                                                                                              MD5 hash:0D4B1E3E4488E9BDC035F23E1F4FE22F
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:false

                                                                                                              Target ID:30
                                                                                                              Start time:11:16:09
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\SIHClient.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\sihclient.exe /cv f9TvbHSqhkOudq3dEifD3w.0.2
                                                                                                              Imagebase:0x7ff635fe0000
                                                                                                              File size:380'720 bytes
                                                                                                              MD5 hash:8BE47315BF30475EEECE8E39599E9273
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:31
                                                                                                              Start time:11:16:13
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Interop.Outlook.dll" /silent /codebase
                                                                                                              Imagebase:0x2c717160000
                                                                                                              File size:65'168 bytes
                                                                                                              MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:32
                                                                                                              Start time:11:16:13
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:33
                                                                                                              Start time:11:16:24
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Microsoft.Office.Uc.dll" /silent /codebase
                                                                                                              Imagebase:0x21ac07e0000
                                                                                                              File size:65'168 bytes
                                                                                                              MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:34
                                                                                                              Start time:11:16:24
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:35
                                                                                                              Start time:11:16:35
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Office.dll" /silent /codebase
                                                                                                              Imagebase:0x1d7ef5e0000
                                                                                                              File size:65'168 bytes
                                                                                                              MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:36
                                                                                                              Start time:11:16:35
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:37
                                                                                                              Start time:11:16:46
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Newtonsoft.Json.dll" /silent /codebase
                                                                                                              Imagebase:0x26f8a9c0000
                                                                                                              File size:65'168 bytes
                                                                                                              MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:38
                                                                                                              Start time:11:16:46
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:41
                                                                                                              Start time:11:16:57
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.dll" /silent /codebase
                                                                                                              Imagebase:0x251931f0000
                                                                                                              File size:65'168 bytes
                                                                                                              MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:42
                                                                                                              Start time:11:16:57
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:43
                                                                                                              Start time:11:17:07
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.Console.dll" /silent /codebase
                                                                                                              Imagebase:0x1f6ab6a0000
                                                                                                              File size:65'168 bytes
                                                                                                              MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:44
                                                                                                              Start time:11:17:07
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:45
                                                                                                              Start time:11:17:18
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\Serilog.Sinks.File.dll" /silent /codebase
                                                                                                              Imagebase:0x1ef619a0000
                                                                                                              File size:65'168 bytes
                                                                                                              MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:46
                                                                                                              Start time:11:17:18
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:47
                                                                                                              Start time:11:17:29
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm" "C:\Program Files\Wildix\WIService\WildixOutlookIntegration.exe" /silent
                                                                                                              Imagebase:0x1c88d4d0000
                                                                                                              File size:65'168 bytes
                                                                                                              MD5 hash:A4EB36BAE72C5CB7392F2B85609D4A7E
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:48
                                                                                                              Start time:11:17:29
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:49
                                                                                                              Start time:11:17:39
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:cmd /C schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
                                                                                                              Imagebase:0x7ff71dc50000
                                                                                                              File size:289'792 bytes
                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:50
                                                                                                              Start time:11:17:39
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:51
                                                                                                              Start time:11:17:39
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:schtasks /create /TN "Wildix\WIService update checker" /xml "C:\Program Files\Wildix\WIService\WisUpdateCheckerTaskX64.xml" /F
                                                                                                              Imagebase:0x7ff7866d0000
                                                                                                              File size:235'008 bytes
                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:52
                                                                                                              Start time:11:17:40
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:cmd /C netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                              Imagebase:0x7ff71dc50000
                                                                                                              File size:289'792 bytes
                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:53
                                                                                                              Start time:11:17:40
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:54
                                                                                                              Start time:11:17:40
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\netsh.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:netsh advfirewall firewall delete rule name=all program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                              Imagebase:0x7ff72af70000
                                                                                                              File size:96'768 bytes
                                                                                                              MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:55
                                                                                                              Start time:11:17:40
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:cmd /C netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                              Imagebase:0x7ff71dc50000
                                                                                                              File size:289'792 bytes
                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:56
                                                                                                              Start time:11:17:40
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:57
                                                                                                              Start time:11:17:40
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\netsh.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:netsh advfirewall firewall add rule name="Wildix Integration Service" dir=in action=allow program="C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                              Imagebase:0x7ff72af70000
                                                                                                              File size:96'768 bytes
                                                                                                              MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:58
                                                                                                              Start time:11:17:41
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
                                                                                                              Imagebase:0x7ff6671d0000
                                                                                                              File size:16'788'080 bytes
                                                                                                              MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:59
                                                                                                              Start time:11:17:41
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --update
                                                                                                              Imagebase:0x7ff6671d0000
                                                                                                              File size:16'788'080 bytes
                                                                                                              MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:62
                                                                                                              Start time:11:17:43
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --installsvc
                                                                                                              Imagebase:0x7ff6671d0000
                                                                                                              File size:16'788'080 bytes
                                                                                                              MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:63
                                                                                                              Start time:11:17:44
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --hostsvc
                                                                                                              Imagebase:0x7ff6671d0000
                                                                                                              File size:16'788'080 bytes
                                                                                                              MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:false

                                                                                                              Target ID:65
                                                                                                              Start time:11:17:45
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --watchdog
                                                                                                              Imagebase:0x7ff6671d0000
                                                                                                              File size:16'788'080 bytes
                                                                                                              MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:false

                                                                                                              Target ID:66
                                                                                                              Start time:11:17:45
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --dispatcher
                                                                                                              Imagebase:0x7ff6671d0000
                                                                                                              File size:16'788'080 bytes
                                                                                                              MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:false

                                                                                                              Target ID:68
                                                                                                              Start time:11:17:46
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\proxyex.lnk"
                                                                                                              Imagebase:0x7ff609fd0000
                                                                                                              File size:5'141'208 bytes
                                                                                                              MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:69
                                                                                                              Start time:11:17:47
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                              Imagebase:0x7ff609fd0000
                                                                                                              File size:5'141'208 bytes
                                                                                                              MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:70
                                                                                                              Start time:11:17:47
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --proxyex
                                                                                                              Imagebase:0x7ff6671d0000
                                                                                                              File size:16'788'080 bytes
                                                                                                              MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:71
                                                                                                              Start time:11:17:48
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Program Files\Wildix\WIService\wiservice.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Wildix\WIService\wiservice.exe" --storeMachineId
                                                                                                              Imagebase:0x7ff6671d0000
                                                                                                              File size:16'788'080 bytes
                                                                                                              MD5 hash:D62710F3678538E483FFC7EA112D7F68
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:72
                                                                                                              Start time:11:17:49
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\explorer.exe" "C:\Program Files\Wildix\WIService\wiservice.exe"
                                                                                                              Imagebase:0x7ff609fd0000
                                                                                                              File size:5'141'208 bytes
                                                                                                              MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:73
                                                                                                              Start time:11:17:49
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:cmd /C schtasks /delete /TN "Wildix\WIService update recovery" /F
                                                                                                              Imagebase:0x7ff71dc50000
                                                                                                              File size:289'792 bytes
                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:74
                                                                                                              Start time:11:17:49
                                                                                                              Start date:13/01/2025
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff620390000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:31.4%
                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                Signature Coverage:16.9%
                                                                                                                Total number of Nodes:1322
                                                                                                                Total number of Limit Nodes:36
401d17 4296 402d84 17 API calls 4295->4296 4297 401d1d IsWindow 4296->4297 4298 401a20 4297->4298 3643 403f9a 3644 403fb2 3643->3644 3645 404113 3643->3645 3644->3645 3646 403fbe 3644->3646 3647 404124 GetDlgItem GetDlgItem 3645->3647 3656 404164 3645->3656 3648 403fc9 SetWindowPos 3646->3648 3649 403fdc 3646->3649 3650 404499 18 API calls 3647->3650 3648->3649 3653 403fe5 ShowWindow 3649->3653 3654 404027 3649->3654 3655 40414e SetClassLongW 3650->3655 3651 4041be 3652 4044e5 SendMessageW 3651->3652 3665 40410e 3651->3665 3704 4041d0 3652->3704 3658 404005 GetWindowLongW 3653->3658 3683 4040d1 3653->3683 3659 404046 3654->3659 3660 40402f DestroyWindow 3654->3660 3661 40140b 2 API calls 3655->3661 3656->3651 3657 401389 2 API calls 3656->3657 3662 404196 3657->3662 3664 40401e ShowWindow 3658->3664 3658->3683 3667 40404b SetWindowLongW 3659->3667 3668 40405c 3659->3668 3666 404422 3660->3666 3661->3656 3662->3651 3669 40419a SendMessageW 3662->3669 3664->3654 3666->3665 3675 404453 ShowWindow 3666->3675 3667->3665 3672 404068 GetDlgItem 3668->3672 3668->3683 3669->3665 3670 40140b 2 API calls 3670->3704 3671 404424 DestroyWindow KiUserCallbackDispatcher 3671->3666 3673 404096 3672->3673 3674 404079 SendMessageW IsWindowEnabled 3672->3674 3677 4040a3 3673->3677 3678 4040ea SendMessageW 3673->3678 3679 4040b6 3673->3679 3687 40409b 3673->3687 3674->3665 3674->3673 3675->3665 3676 40657a 17 API calls 3676->3704 3677->3678 3677->3687 3678->3683 3681 4040d3 3679->3681 3682 4040be 3679->3682 3684 40140b 2 API calls 3681->3684 3686 40140b 2 API calls 3682->3686 3723 404500 3683->3723 3684->3687 3685 404499 18 API calls 3685->3704 3686->3687 3687->3683 3720 404472 3687->3720 3689 40424b GetDlgItem 3690 404260 3689->3690 3691 404268 ShowWindow KiUserCallbackDispatcher 3689->3691 3690->3691 3717 4044bb KiUserCallbackDispatcher 3691->3717 3693 404292 EnableWindow 3698 4042a6 3693->3698 3694 4042ab GetSystemMenu EnableMenuItem SendMessageW 3695 4042db SendMessageW 3694->3695 
3694->3698 3695->3698 3697 403f7b 18 API calls 3697->3698 3698->3694 3698->3697 3718 4044ce SendMessageW 3698->3718 3719 40653d lstrcpynW 3698->3719 3700 40430a lstrlenW 3701 40657a 17 API calls 3700->3701 3702 404320 SetWindowTextW 3701->3702 3703 401389 2 API calls 3702->3703 3703->3704 3704->3665 3704->3670 3704->3671 3704->3676 3704->3685 3705 404364 DestroyWindow 3704->3705 3714 404499 3704->3714 3705->3666 3706 40437e CreateDialogParamW 3705->3706 3706->3666 3707 4043b1 3706->3707 3708 404499 18 API calls 3707->3708 3709 4043bc GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3708->3709 3710 401389 2 API calls 3709->3710 3711 404402 3710->3711 3711->3665 3712 40440a ShowWindow 3711->3712 3713 4044e5 SendMessageW 3712->3713 3713->3666 3715 40657a 17 API calls 3714->3715 3716 4044a4 SetDlgItemTextW 3715->3716 3716->3689 3717->3693 3718->3698 3719->3700 3721 404479 3720->3721 3722 40447f SendMessageW 3720->3722 3721->3722 3722->3683 3724 404518 GetWindowLongW 3723->3724 3725 4045c3 3723->3725 3724->3725 3726 40452d 3724->3726 3725->3665 3726->3725 3727 40455a GetSysColor 3726->3727 3728 40455d 3726->3728 3727->3728 3729 404563 SetTextColor 3728->3729 3730 40456d SetBkMode 3728->3730 3729->3730 3731 404585 GetSysColor 3730->3731 3732 40458b 3730->3732 3731->3732 3733 404592 SetBkColor 3732->3733 3734 40459c 3732->3734 3733->3734 3734->3725 3735 4045b6 CreateBrushIndirect 3734->3735 3736 4045af DeleteObject 3734->3736 3735->3725 3736->3735 3737 401b9b 3738 401ba8 3737->3738 3739 401bec 3737->3739 3744 401bbf 3738->3744 3746 401c31 3738->3746 3740 401bf1 3739->3740 3741 401c16 GlobalAlloc 3739->3741 3748 40239d 3740->3748 3758 40653d lstrcpynW 3740->3758 3743 40657a 17 API calls 3741->3743 3742 40657a 17 API calls 3749 402397 3742->3749 3743->3746 3756 40653d lstrcpynW 3744->3756 3746->3742 3746->3748 3752 405b9d MessageBoxIndirectW 3749->3752 3750 401c03 GlobalFree 3750->3748 3751 401bce 3757 40653d lstrcpynW 3751->3757 3752->3748 3754 401bdd 3759 40653d 
lstrcpynW 3754->3759 3756->3751 3757->3754 3758->3750 3759->3748 4299 40261c 4300 402da6 17 API calls 4299->4300 4301 402623 4300->4301 4304 40602d GetFileAttributesW CreateFileW 4301->4304 4303 40262f 4304->4303 3830 40259e 3831 402de6 17 API calls 3830->3831 3832 4025a8 3831->3832 3833 402d84 17 API calls 3832->3833 3834 4025b1 3833->3834 3835 40292e 3834->3835 3836 4025d9 RegEnumValueW 3834->3836 3837 4025cd RegEnumKeyW 3834->3837 3838 4025ee RegCloseKey 3836->3838 3837->3838 3838->3835 4305 40149e 4306 4014ac PostQuitMessage 4305->4306 4307 40239d 4305->4307 4306->4307 4308 402c23 InvalidateRect 4309 402c2a 4308->4309 4310 4015a3 4311 402da6 17 API calls 4310->4311 4312 4015aa SetFileAttributesW 4311->4312 4313 4015bc 4312->4313 3154 401fa4 3155 402da6 17 API calls 3154->3155 3156 401faa 3155->3156 3157 40559f 24 API calls 3156->3157 3158 401fb4 3157->3158 3167 405b20 CreateProcessW 3158->3167 3161 40292e 3164 401fcf 3165 401fdd CloseHandle 3164->3165 3175 406484 wsprintfW 3164->3175 3165->3161 3168 405b53 CloseHandle 3167->3168 3169 401fba 3167->3169 3168->3169 3169->3161 3169->3165 3170 4069b5 WaitForSingleObject 3169->3170 3171 4069cf 3170->3171 3172 4069e1 GetExitCodeProcess 3171->3172 3176 406946 3171->3176 3172->3164 3175->3165 3177 406963 PeekMessageW 3176->3177 3178 406973 WaitForSingleObject 3177->3178 3179 406959 DispatchMessageW 3177->3179 3178->3171 3179->3177 3229 4021aa 3230 402da6 17 API calls 3229->3230 3231 4021b1 3230->3231 3232 402da6 17 API calls 3231->3232 3233 4021bb 3232->3233 3234 402da6 17 API calls 3233->3234 3235 4021c5 3234->3235 3236 402da6 17 API calls 3235->3236 3237 4021cf 3236->3237 3238 402da6 17 API calls 3237->3238 3239 4021d9 3238->3239 3240 402218 CoCreateInstance 3239->3240 3241 402da6 17 API calls 3239->3241 3244 402237 3240->3244 3241->3240 3242 401423 24 API calls 3243 4022f6 3242->3243 3244->3242 3244->3243 3245 40252a 3256 402de6 3245->3256 3248 402da6 17 API calls 3249 40253d 3248->3249 3250 402548 RegQueryValueExW 
3249->3250 3251 40292e 3249->3251 3252 402568 3250->3252 3253 40256e RegCloseKey 3250->3253 3252->3253 3261 406484 wsprintfW 3252->3261 3253->3251 3257 402da6 17 API calls 3256->3257 3258 402dfd 3257->3258 3259 4063aa RegOpenKeyExW 3258->3259 3260 402534 3259->3260 3260->3248 3261->3253 4314 40202a 4315 402da6 17 API calls 4314->4315 4316 402031 4315->4316 4317 40690a 5 API calls 4316->4317 4318 402040 4317->4318 4319 40205c GlobalAlloc 4318->4319 4320 4020cc 4318->4320 4319->4320 4321 402070 4319->4321 4322 40690a 5 API calls 4321->4322 4323 402077 4322->4323 4324 40690a 5 API calls 4323->4324 4325 402081 4324->4325 4325->4320 4329 406484 wsprintfW 4325->4329 4327 4020ba 4330 406484 wsprintfW 4327->4330 4329->4327 4330->4320 4331 403baa 4332 403bb5 4331->4332 4333 403bb9 4332->4333 4334 403bbc GlobalAlloc 4332->4334 4334->4333 3275 40352d SetErrorMode GetVersionExW 3276 4035b7 3275->3276 3277 40357f GetVersionExW 3275->3277 3278 403610 3276->3278 3279 40690a 5 API calls 3276->3279 3277->3276 3280 40689a 3 API calls 3278->3280 3279->3278 3281 403626 lstrlenA 3280->3281 3281->3278 3282 403636 3281->3282 3283 40690a 5 API calls 3282->3283 3284 40363d 3283->3284 3285 40690a 5 API calls 3284->3285 3286 403644 3285->3286 3287 40690a 5 API calls 3286->3287 3288 403650 #17 OleInitialize SHGetFileInfoW 3287->3288 3365 40653d lstrcpynW 3288->3365 3291 40369d GetCommandLineW 3366 40653d lstrcpynW 3291->3366 3293 4036af 3294 405e39 CharNextW 3293->3294 3295 4036d5 CharNextW 3294->3295 3298 4036e6 3295->3298 3296 4037e4 3297 4037f8 GetTempPathW 3296->3297 3367 4034fc 3297->3367 3298->3296 3303 405e39 CharNextW 3298->3303 3310 4037e6 3298->3310 3300 403810 3301 403814 GetWindowsDirectoryW lstrcatW 3300->3301 3302 40386a DeleteFileW 3300->3302 3305 4034fc 12 API calls 3301->3305 3377 40307d GetTickCount GetModuleFileNameW 3302->3377 3303->3298 3306 403830 3305->3306 3306->3302 3309 403834 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3306->3309 3307 
40387d 3308 403a59 ExitProcess CoUninitialize 3307->3308 3311 403932 3307->3311 3316 405e39 CharNextW 3307->3316 3313 403a69 3308->3313 3314 403a7e 3308->3314 3315 4034fc 12 API calls 3309->3315 3461 40653d lstrcpynW 3310->3461 3405 403bec 3311->3405 3466 405b9d 3313->3466 3319 403a86 GetCurrentProcess OpenProcessToken 3314->3319 3320 403afc ExitProcess 3314->3320 3321 403862 3315->3321 3332 40389f 3316->3332 3325 403acc 3319->3325 3326 403a9d LookupPrivilegeValueW AdjustTokenPrivileges 3319->3326 3321->3302 3321->3308 3322 403941 3322->3308 3327 40690a 5 API calls 3325->3327 3326->3325 3328 403ad3 3327->3328 3331 403ae8 ExitWindowsEx 3328->3331 3335 403af5 3328->3335 3329 403908 3334 405f14 18 API calls 3329->3334 3330 403949 3333 405b08 5 API calls 3330->3333 3331->3320 3331->3335 3332->3329 3332->3330 3336 40394e lstrcatW 3333->3336 3337 403914 3334->3337 3470 40140b 3335->3470 3339 40396a lstrcatW lstrcmpiW 3336->3339 3340 40395f lstrcatW 3336->3340 3337->3308 3462 40653d lstrcpynW 3337->3462 3339->3322 3342 40398a 3339->3342 3340->3339 3344 403996 3342->3344 3345 40398f 3342->3345 3343 403927 3463 40653d lstrcpynW 3343->3463 3346 405aeb 2 API calls 3344->3346 3348 405a6e 4 API calls 3345->3348 3349 40399b SetCurrentDirectoryW 3346->3349 3350 403994 3348->3350 3351 4039b8 3349->3351 3352 4039ad 3349->3352 3350->3349 3465 40653d lstrcpynW 3351->3465 3464 40653d lstrcpynW 3352->3464 3355 40657a 17 API calls 3356 4039fa DeleteFileW 3355->3356 3357 403a06 CopyFileW 3356->3357 3362 4039c5 3356->3362 3357->3362 3358 403a50 3359 4062fd 36 API calls 3358->3359 3359->3322 3360 4062fd 36 API calls 3360->3362 3361 40657a 17 API calls 3361->3362 3362->3355 3362->3358 3362->3360 3362->3361 3363 405b20 2 API calls 3362->3363 3364 403a3a CloseHandle 3362->3364 3363->3362 3364->3362 3365->3291 3366->3293 3368 4067c4 5 API calls 3367->3368 3369 403508 3368->3369 3370 403512 3369->3370 3371 405e0c 3 API calls 3369->3371 3370->3300 3372 40351a 3371->3372 3373 405aeb 2 API calls 
3372->3373 3374 403520 3373->3374 3473 40605c 3374->3473 3477 40602d GetFileAttributesW CreateFileW 3377->3477 3379 4030bd 3399 4030cd 3379->3399 3478 40653d lstrcpynW 3379->3478 3381 4030e3 3382 405e58 2 API calls 3381->3382 3383 4030e9 3382->3383 3479 40653d lstrcpynW 3383->3479 3385 4030f4 GetFileSize 3386 4031ee 3385->3386 3404 40310b 3385->3404 3480 403019 3386->3480 3388 4031f7 3390 403227 GlobalAlloc 3388->3390 3388->3399 3492 4034e5 SetFilePointer 3388->3492 3389 4034cf ReadFile 3389->3404 3491 4034e5 SetFilePointer 3390->3491 3391 40325a 3396 403019 6 API calls 3391->3396 3394 403210 3397 4034cf ReadFile 3394->3397 3395 403242 3398 4032b4 31 API calls 3395->3398 3396->3399 3400 40321b 3397->3400 3402 40324e 3398->3402 3399->3307 3400->3390 3400->3399 3401 403019 6 API calls 3401->3404 3402->3399 3402->3402 3403 40328b SetFilePointer 3402->3403 3403->3399 3404->3386 3404->3389 3404->3391 3404->3399 3404->3401 3406 40690a 5 API calls 3405->3406 3407 403c00 3406->3407 3408 403c06 3407->3408 3409 403c18 3407->3409 3508 406484 wsprintfW 3408->3508 3410 40640b 3 API calls 3409->3410 3411 403c48 3410->3411 3413 403c67 lstrcatW 3411->3413 3415 40640b 3 API calls 3411->3415 3414 403c16 3413->3414 3493 403ec2 3414->3493 3415->3413 3418 405f14 18 API calls 3419 403c99 3418->3419 3420 403d2d 3419->3420 3423 40640b 3 API calls 3419->3423 3421 405f14 18 API calls 3420->3421 3422 403d33 3421->3422 3425 403d43 LoadImageW 3422->3425 3426 40657a 17 API calls 3422->3426 3424 403ccb 3423->3424 3424->3420 3429 403cec lstrlenW 3424->3429 3432 405e39 CharNextW 3424->3432 3427 403de9 3425->3427 3428 403d6a RegisterClassW 3425->3428 3426->3425 3431 40140b 2 API calls 3427->3431 3430 403da0 SystemParametersInfoW CreateWindowExW 3428->3430 3460 403df3 3428->3460 3433 403d20 3429->3433 3434 403cfa lstrcmpiW 3429->3434 3430->3427 3435 403def 3431->3435 3436 403ce9 3432->3436 3438 405e0c 3 API calls 3433->3438 3434->3433 3437 403d0a GetFileAttributesW 3434->3437 3440 403ec2 18 API 
calls 3435->3440 3435->3460 3436->3429 3439 403d16 3437->3439 3441 403d26 3438->3441 3439->3433 3442 405e58 2 API calls 3439->3442 3443 403e00 3440->3443 3509 40653d lstrcpynW 3441->3509 3442->3433 3445 403e0c ShowWindow 3443->3445 3446 403e8f 3443->3446 3448 40689a 3 API calls 3445->3448 3501 405672 OleInitialize 3446->3501 3449 403e24 3448->3449 3451 403e32 GetClassInfoW 3449->3451 3454 40689a 3 API calls 3449->3454 3450 403e95 3452 403eb1 3450->3452 3453 403e99 3450->3453 3456 403e46 GetClassInfoW RegisterClassW 3451->3456 3457 403e5c DialogBoxParamW 3451->3457 3455 40140b 2 API calls 3452->3455 3459 40140b 2 API calls 3453->3459 3453->3460 3454->3451 3455->3460 3456->3457 3458 40140b 2 API calls 3457->3458 3458->3460 3459->3460 3460->3322 3461->3297 3462->3343 3463->3311 3464->3351 3465->3362 3467 405bb2 3466->3467 3468 403a76 ExitProcess 3467->3468 3469 405bc6 MessageBoxIndirectW 3467->3469 3469->3468 3471 401389 2 API calls 3470->3471 3472 401420 3471->3472 3472->3320 3474 406069 GetTickCount GetTempFileNameW 3473->3474 3475 40352b 3474->3475 3476 40609f 3474->3476 3475->3300 3476->3474 3476->3475 3477->3379 3478->3381 3479->3385 3481 403022 3480->3481 3482 40303a 3480->3482 3483 403032 3481->3483 3484 40302b DestroyWindow 3481->3484 3485 403042 3482->3485 3486 40304a GetTickCount 3482->3486 3483->3388 3484->3483 3489 406946 2 API calls 3485->3489 3487 403058 CreateDialogParamW ShowWindow 3486->3487 3488 40307b 3486->3488 3487->3488 3488->3388 3490 403048 3489->3490 3490->3388 3491->3395 3492->3394 3494 403ed6 3493->3494 3510 406484 wsprintfW 3494->3510 3496 403f47 3511 403f7b 3496->3511 3498 403c77 3498->3418 3499 403f4c 3499->3498 3500 40657a 17 API calls 3499->3500 3500->3499 3514 4044e5 3501->3514 3503 4056bc 3504 4044e5 SendMessageW 3503->3504 3506 4056ce CoUninitialize 3504->3506 3505 405695 3505->3503 3517 401389 3505->3517 3506->3450 3508->3414 3509->3420 3510->3496 3512 40657a 17 API calls 3511->3512 3513 403f89 SetWindowTextW 3512->3513 3513->3499 
3515 4044fd 3514->3515 3516 4044ee SendMessageW 3514->3516 3515->3505 3516->3515 3519 401390 3517->3519 3518 4013fe 3518->3505 3519->3518 3520 4013cb MulDiv SendMessageW 3519->3520 3520->3519 4335 401a30 4336 402da6 17 API calls 4335->4336 4337 401a39 ExpandEnvironmentStringsW 4336->4337 4338 401a4d 4337->4338 4340 401a60 4337->4340 4339 401a52 lstrcmpW 4338->4339 4338->4340 4339->4340 4346 4023b2 4347 4023c0 4346->4347 4348 4023ba 4346->4348 4350 4023ce 4347->4350 4351 402da6 17 API calls 4347->4351 4349 402da6 17 API calls 4348->4349 4349->4347 4352 4023dc 4350->4352 4354 402da6 17 API calls 4350->4354 4351->4350 4353 402da6 17 API calls 4352->4353 4355 4023e5 WritePrivateProfileStringW 4353->4355 4354->4352 3582 402434 3583 402467 3582->3583 3584 40243c 3582->3584 3586 402da6 17 API calls 3583->3586 3585 402de6 17 API calls 3584->3585 3588 402443 3585->3588 3587 40246e 3586->3587 3593 402e64 3587->3593 3590 402da6 17 API calls 3588->3590 3591 40247b 3588->3591 3592 402454 RegDeleteValueW RegCloseKey 3590->3592 3592->3591 3594 402e71 3593->3594 3595 402e78 3593->3595 3594->3591 3595->3594 3597 402ea9 3595->3597 3598 4063aa RegOpenKeyExW 3597->3598 3599 402ed7 3598->3599 3600 402ee1 3599->3600 3601 402f8c 3599->3601 3602 402ee7 RegEnumValueW 3600->3602 3606 402f0a 3600->3606 3601->3594 3603 402f71 RegCloseKey 3602->3603 3602->3606 3603->3601 3604 402f46 RegEnumKeyW 3605 402f4f RegCloseKey 3604->3605 3604->3606 3607 40690a 5 API calls 3605->3607 3606->3603 3606->3604 3606->3605 3608 402ea9 6 API calls 3606->3608 3609 402f5f 3607->3609 3608->3606 3610 402f81 3609->3610 3611 402f63 RegDeleteKeyW 3609->3611 3610->3601 3611->3601 4356 401735 4357 402da6 17 API calls 4356->4357 4358 40173c SearchPathW 4357->4358 4359 401757 4358->4359 4360 401d38 4361 402d84 17 API calls 4360->4361 4362 401d3f 4361->4362 4363 402d84 17 API calls 4362->4363 4364 401d4b GetDlgItem 4363->4364 4365 402638 4364->4365 4366 4014b8 4367 4014be 4366->4367 4368 401389 2 API calls 4367->4368 4369 
4014c6 4368->4369 4370 40263e 4371 402652 4370->4371 4372 40266d 4370->4372 4373 402d84 17 API calls 4371->4373 4374 402672 4372->4374 4375 40269d 4372->4375 4383 402659 4373->4383 4376 402da6 17 API calls 4374->4376 4377 402da6 17 API calls 4375->4377 4378 402679 4376->4378 4379 4026a4 lstrlenW 4377->4379 4387 40655f WideCharToMultiByte 4378->4387 4379->4383 4381 40268d lstrlenA 4381->4383 4382 4026d1 4384 4060df WriteFile 4382->4384 4386 4026e7 4382->4386 4383->4382 4385 40610e 5 API calls 4383->4385 4383->4386 4384->4386 4385->4382 4387->4381

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNELBASE(00008001), ref: 00403550
                                                                                                                • GetVersionExW.KERNEL32(?), ref: 00403579
                                                                                                                • GetVersionExW.KERNEL32(0000011C), ref: 00403590
                                                                                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
                                                                                                                • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
                                                                                                                • OleInitialize.OLE32(00000000), ref: 0040366A
                                                                                                                • SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
                                                                                                                • GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
                                                                                                                • CharNextW.USER32(00000000,"C:\Users\user\Desktop\3.19.1+SetupWIService.exe",00000020,"C:\Users\user\Desktop\3.19.1+SetupWIService.exe",00000000), ref: 004036D6
                                                                                                                • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
                                                                                                                • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
                                                                                                                • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
                                                                                                                • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
                                                                                                                • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
                                                                                                                • DeleteFileW.KERNELBASE(1033), ref: 0040386F
                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\3.19.1+SetupWIService.exe",00000000,?), ref: 00403956
                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\3.19.1+SetupWIService.exe",00000000,?), ref: 00403965
                                                                                                                  • Part of subcall function 00405AEB: CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\3.19.1+SetupWIService.exe",00000000,?), ref: 00403970
                                                                                                                • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\3.19.1+SetupWIService.exe",00000000,?), ref: 0040397C
                                                                                                                • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
                                                                                                                • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
                                                                                                                • CopyFileW.KERNEL32(C:\Users\user\Desktop\3.19.1+SetupWIService.exe,0042AA28,00000001), ref: 00403A0E
                                                                                                                • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
                                                                                                                • ExitProcess.KERNEL32(?), ref: 00403A59
                                                                                                                • CoUninitialize.COMBASE(?), ref: 00403A5E
                                                                                                                • ExitProcess.KERNEL32 ref: 00403A78
                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
                                                                                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
                                                                                                                • ExitProcess.KERNEL32 ref: 00403B0C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2542262474.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542321013.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542558441.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                • String ID: "C:\Users\user\Desktop\3.19.1+SetupWIService.exe"$.tmp$1033$C:\Program Files\Wildix\WIService$C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\3.19.1+SetupWIService.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu

                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32(?,00000403), ref: 0040573C
                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 0040574B
                                                                                                                • GetClientRect.USER32(?,?), ref: 00405788
                                                                                                                • GetSystemMetrics.USER32(00000002), ref: 0040578F
                                                                                                                • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                                                                • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                                                                • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                                                                • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                                                                • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 0040584C
                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                                                                • GetDlgItem.USER32(?,000003F8), ref: 0040575A
                                                                                                                  • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 0040589E
                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,Function_00005672,00000000), ref: 004058AC
                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 004058B3
                                                                                                                • ShowWindow.USER32(00000000), ref: 004058D7
                                                                                                                • ShowWindow.USER32(000104AA,00000008), ref: 004058DC
                                                                                                                • ShowWindow.USER32(00000008), ref: 00405926
                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                                                                • CreatePopupMenu.USER32 ref: 0040596B
                                                                                                                • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
                                                                                                                • GetWindowRect.USER32(?,?), ref: 0040599F
                                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                                                                • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                                                                • EmptyClipboard.USER32 ref: 00405A06
                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00405A1C
                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
                                                                                                                • CloseClipboard.USER32 ref: 00405A61
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                • String ID: {

                                                                                                                APIs
                                                                                                                • DeleteFileW.KERNELBASE(?,?,774D3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\*.*,?,?,774D3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CBA
                                                                                                                • lstrcatW.KERNEL32(?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\*.*,?,?,774D3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CDD
                                                                                                                • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\*.*,?,?,774D3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
                                                                                                                • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\*.*,?,?,774D3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
                                                                                                                • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00405DA2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                • String ID: .$.$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\*.*$\*.*
                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNELBASE(?,004302B8,C:\,00405F5D,C:\,C:\,00000000,C:\,C:\, 4Mw,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,774D3420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                                                                                                                • FindClose.KERNEL32(00000000), ref: 0040688A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                • String ID: C:\
                                                                                                                APIs
                                                                                                                • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                Strings
                                                                                                                • C:\Program Files\Wildix\WIService, xrefs: 00402269
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: CreateInstance
                                                                                                                • String ID: C:\Program Files\Wildix\WIService
                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 0040291A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileFindFirst
                                                                                                                • String ID:
                                                                                                                • API String ID: 1974802433-0
                                                                                                                • Opcode ID: 23bc45f7dafbc09bf3d58dfb9668e04a20f74da7ffae18e0ad0b6f577034eb1d
                                                                                                                • Instruction ID: 3f6fbcf0fd4d311cdd608d5f72697756ed96b8559223cd5d9f1c4d92bc61f1b3
                                                                                                                • Opcode Fuzzy Hash: 23bc45f7dafbc09bf3d58dfb9668e04a20f74da7ffae18e0ad0b6f577034eb1d
                                                                                                                • Instruction Fuzzy Hash: 3CF08271A04105EFD701DBA4ED49AAEB378FF14314F60417BE116F21D0E7B88E159B29

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                                                                • ShowWindow.USER32(?), ref: 00403FF6
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                                                                • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                                                                • DestroyWindow.USER32 ref: 00404035
                                                                                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
                                                                                                                • GetDlgItem.USER32(?,?), ref: 0040406D
                                                                                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 00404133
                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 0040413D
                                                                                                                • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                                                                                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                                                                • GetDlgItem.USER32(?,00000003), ref: 0040424E
                                                                                                                • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                                                                • EnableWindow.USER32(?,?), ref: 0040429C
                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                                                                • EnableMenuItem.USER32(00000000), ref: 004042B9
                                                                                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                                                                • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                                                                • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 121052019-0
                                                                                                                • Opcode ID: f65e638bec718107b599af9a82b264fc0764d6b1c1dffbdcb4ef221558e01a13
                                                                                                                • Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
                                                                                                                • Opcode Fuzzy Hash: f65e638bec718107b599af9a82b264fc0764d6b1c1dffbdcb4ef221558e01a13
                                                                                                                • Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                  • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                  • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                • lstrcatW.KERNEL32(1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,774D3420,C:\Users\user\AppData\Local\Temp\,?,00000000,?), ref: 00403C6D
                                                                                                                • lstrlenW.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,774D3420), ref: 00403CED
                                                                                                                • lstrcmpiW.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Wildix\WIService,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                                                                • GetFileAttributesW.KERNEL32(Remove folder: ,?,00000000,?), ref: 00403D0B
                                                                                                                • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files\Wildix\WIService), ref: 00403D54
                                                                                                                  • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                • RegisterClassW.USER32(00433EA0), ref: 00403D91
                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
                                                                                                                • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
                                                                                                                • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
                                                                                                                • RegisterClassW.USER32(00433EA0), ref: 00403E56
                                                                                                                • DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                • API String ID: 1975747703-1599270012
                                                                                                                • Opcode ID: d676aef2f71fbad829aa91df8609c37157257c620a924ef9afc500929f8c8bb5
                                                                                                                • Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
                                                                                                                • Opcode Fuzzy Hash: d676aef2f71fbad829aa91df8609c37157257c620a924ef9afc500929f8c8bb5
                                                                                                                • Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 0040308E
                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                                                                  • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                  • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                                                                • GlobalAlloc.KERNELBASE(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\3.19.1+SetupWIService.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@

                                                                                                                Control-flow Graph (first block at 0040657A; graph image not preserved)
                                                                                                                APIs
                                                                                                                • GetSystemDirectoryW.KERNEL32(Remove folder: ,00000400), ref: 00406695
                                                                                                                • GetWindowsDirectoryW.KERNEL32(Remove folder: ,00000400,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000,00000000,00425020,774D23A0), ref: 004066A8
                                                                                                                • lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                • lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000), ref: 00406779
                                                                                                                Similarity
                                                                                                                • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                                                                                                Control-flow Graph (first block at 004032B4; graph image not preserved)
                                                                                                                Similarity
                                                                                                                • API ID: CountTick$wsprintf
                                                                                                                • String ID: *B$ PB$ A$ A$... %d%%$}8@

                                                                                                                Control-flow Graph (first block at 0040176F; graph image not preserved)
                                                                                                                APIs
                                                                                                                • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Program Files\Wildix\WIService,?,?,00000031), ref: 004017B0
                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Program Files\Wildix\WIService,?,?,00000031), ref: 004017D5
                                                                                                                  • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000,00425020,774D23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000,00425020,774D23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                  • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00403418,00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000,00425020,774D23A0), ref: 004055FA
                                                                                                                  • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\), ref: 0040560C
                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                • String ID: C:\Program Files\Wildix\WIService$C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp$C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\System.dll$Call

                                                                                                                Control-flow Graph (first block at 0040559F; graph image not preserved)
                                                                                                                APIs
                                                                                                                • lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000,00425020,774D23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                • lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000,00425020,774D23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                • lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00403418,00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000,00425020,774D23A0), ref: 004055FA
                                                                                                                • SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\), ref: 0040560C
                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                  • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                  • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000), ref: 00406779
                                                                                                                Similarity
                                                                                                                • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 705 40689a-4068ba GetSystemDirectoryW 706 4068bc 705->706 707 4068be-4068c0 705->707 706->707 708 4068d1-4068d3 707->708 709 4068c2-4068cb 707->709 710 4068d4-406907 wsprintfW LoadLibraryExW 708->710 709->708 711 4068cd-4068cf 709->711 711->710
                                                                                                                APIs
                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                • wsprintfW.USER32 ref: 004068EC
                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                • String ID: %s%S.dll$UXTHEME$\
                                                                                                                • API String ID: 2200240437-1946221925

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 712 405f14-405f2f call 40653d call 405eb7 717 405f31-405f33 712->717 718 405f35-405f42 call 4067c4 712->718 719 405f8d-405f8f 717->719 722 405f52-405f56 718->722 723 405f44-405f4a 718->723 725 405f6c-405f75 lstrlenW 722->725 723->717 724 405f4c-405f50 723->724 724->717 724->722 726 405f77-405f8b call 405e0c GetFileAttributesW 725->726 727 405f58-405f5f call 406873 725->727 726->719 732 405f61-405f64 727->732 733 405f66-405f67 call 405e58 727->733 732->717 732->733 733->725
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\, 4Mw,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,774D3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\, 4Mw,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,774D3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                                                                • GetFileAttributesW.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\, 4Mw,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,774D3420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                • String ID: 4Mw$C:\$C:\Users\user\AppData\Local\Temp\
                                                                                                                • API String ID: 3248276644-1561776675

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 735 405a6e-405ab9 CreateDirectoryW 736 405abb-405abd 735->736 737 405abf-405acc GetLastError 735->737 738 405ae6-405ae8 736->738 737->738 739 405ace-405ae2 SetFileSecurityW 737->739 739->736 740 405ae4 GetLastError 739->740 740->738
                                                                                                                APIs
                                                                                                                • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                • GetLastError.KERNEL32 ref: 00405AC5
                                                                                                                • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                                                                • GetLastError.KERNEL32 ref: 00405AE4
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                • API String ID: 3449924974-2145255484

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 741 402ea9-402ed2 call 4063aa 743 402ed7-402edb 741->743 744 402ee1-402ee5 743->744 745 402f8c-402f90 743->745 746 402ee7-402f08 RegEnumValueW 744->746 747 402f0a-402f1d 744->747 746->747 748 402f71-402f7f RegCloseKey 746->748 749 402f46-402f4d RegEnumKeyW 747->749 748->745 750 402f1f-402f21 749->750 751 402f4f-402f61 RegCloseKey call 40690a 749->751 750->748 752 402f23-402f37 call 402ea9 750->752 757 402f81-402f87 751->757 758 402f63-402f6f RegDeleteKeyW 751->758 752->751 759 402f39-402f45 752->759 757->745 758->745 759->749
                                                                                                                APIs
                                                                                                                • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: CloseEnum$DeleteValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 1354259210-0

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 760 401d81-401d85 761 401d94-401d9a GetDlgItem 760->761 762 401d87-401d92 call 402d84 760->762 764 401da0-401dcc 761->764 762->764 766 401dd7 764->766 767 401dce-401dd5 call 402da6 764->767 768 401ddb-401e31 GetClientRect LoadImageW SendMessageW 766->768 767->768 771 401e33-401e36 768->771 772 401e3f-401e42 768->772 771->772 773 401e38-401e39 DeleteObject 771->773 774 401e48 772->774 775 402c2a-402c39 772->775 773->772 774->775
                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 1849352358-0
                                                                                                                APIs
                                                                                                                • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2542262474.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542321013.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542558441.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                • String ID: !
                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                APIs
                                                                                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseValuelstrlen
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp
                                                                                                                • API String ID: 2655323295-2096585228
                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 0040607A
                                                                                                                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                • API String ID: 1716503409-386316673
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\, 4Mw,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,774D3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                  • Part of subcall function 00405A6E: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                • SetCurrentDirectoryW.KERNELBASE(?,C:\Program Files\Wildix\WIService,?,00000000,000000F0), ref: 0040164D
                                                                                                                Strings
                                                                                                                • C:\Program Files\Wildix\WIService, xrefs: 00401640
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                • String ID: C:\Program Files\Wildix\WIService
                                                                                                                • API String ID: 1892508949-2436880260
                                                                                                                APIs
                                                                                                                • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Remove folder: ,?,?,00406672,80000002), ref: 00406451
                                                                                                                • RegCloseKey.KERNELBASE(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\), ref: 0040645C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseQueryValue
                                                                                                                • String ID: Remove folder:
                                                                                                                • API String ID: 3356406503-1958208860
                                                                                                                APIs
                                                                                                                • FreeLibrary.KERNELBASE(?,774D3420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                                                                                                                • GlobalFree.KERNEL32(?), ref: 00403B78
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Free$GlobalLibrary
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                • API String ID: 1100898210-2145255484
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103
                                                                                                                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000,00425020,774D23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000,00425020,774D23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                  • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00403418,00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000,00425020,774D23A0), ref: 004055FA
                                                                                                                  • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\), ref: 0040560C
                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                • String ID:
                                                                                                                • API String ID: 334405425-0
                                                                                                                • Opcode ID: 0812a69665cf11e377adb3684f8a171474585e26745252b9346dd4e1bc3f05c7
                                                                                                                • Instruction ID: d1cf9917c249e547a3b1759614bc69e8b445b1996c4dbd71fd6f6dd46acd7470
                                                                                                                • Opcode Fuzzy Hash: 0812a69665cf11e377adb3684f8a171474585e26745252b9346dd4e1bc3f05c7
                                                                                                                • Instruction Fuzzy Hash: 2A21C231904104FACF11AFA5CE48A9D7A71BF48358F20413BF605B91E1DBBD8A82965D
                                                                                                                APIs
                                                                                                                • GlobalFree.KERNEL32(00752C90), ref: 00401C0B
                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C1D
                                                                                                                  • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                  • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000), ref: 00406779
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$AllocFreelstrcatlstrlen
                                                                                                                • String ID: Call
                                                                                                                • API String ID: 3292104215-1824292864
                                                                                                                • Opcode ID: cecd7903579db09396e99fcb4041446ac8fea00c0e28d0f13f956e9ee607e8f0
                                                                                                                • Instruction ID: 7c0f58a685d1fc6dd3685da305ee1819882fb4420ac17dc2787245939102450a
                                                                                                                • Opcode Fuzzy Hash: cecd7903579db09396e99fcb4041446ac8fea00c0e28d0f13f956e9ee607e8f0
                                                                                                                • Instruction Fuzzy Hash: 1B21D872904210EBDB20AFA8EE84A5E73B4EB04715755063BF552F72D0D7B8AC414B9D
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405B63: ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                                                  • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                  • Part of subcall function 004069B5: GetExitCodeProcess.KERNELBASE(?,?), ref: 004069E8
                                                                                                                • CloseHandle.KERNELBASE(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseCodeExecuteExitHandleObjectProcessShellSingleWait
                                                                                                                • String ID: @$C:\Program Files\Wildix\WIService
                                                                                                                • API String ID: 165873841-3745962701
                                                                                                                • Opcode ID: a67ec0d71784c57903e6e19cce9d8927263f5937a446752ff53b440bc5899183
                                                                                                                • Instruction ID: 706d8f23dd4fc365793d21c3b3cee38f3579e955c6bce5a1691758ef83551cc9
                                                                                                                • Opcode Fuzzy Hash: a67ec0d71784c57903e6e19cce9d8927263f5937a446752ff53b440bc5899183
                                                                                                                • Instruction Fuzzy Hash: 20115B71E042189ADB50EFB9CA49B8CB6F4BF04304F24447AE405F72C1EBBC89459B18
                                                                                                                APIs
                                                                                                                • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                                                                • RegEnumValueW.KERNELBASE(00000000,00000000,?,?), ref: 004025E4
                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Enum$CloseValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 397863658-0
                                                                                                                • Opcode ID: 2ceb002e910c094db02aea1c2c62d66cc74a7b046aa56edd155f21af9fce9564
                                                                                                                • Instruction ID: 08080f496e1fbaad801da7c4a2f11cdf7a22a5a493a276a89d416976773fa01e
                                                                                                                • Opcode Fuzzy Hash: 2ceb002e910c094db02aea1c2c62d66cc74a7b046aa56edd155f21af9fce9564
                                                                                                                • Instruction Fuzzy Hash: 89017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61C0EBB85E44966D
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00406008: GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                  • Part of subcall function 00406008: SetFileAttributesW.KERNELBASE(?,00000000), ref: 00406021
                                                                                                                • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405DE3), ref: 00405C1C
                                                                                                                • DeleteFileW.KERNELBASE(?,?,?,00000000,00405DE3), ref: 00405C24
                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405C3C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                • String ID:
                                                                                                                • API String ID: 1655745494-0
                                                                                                                • Opcode ID: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                • Instruction ID: 0274c5225d47ddc366315f3a2fda4b694ad97aa72442a0e2fcdbaf00fd257d87
                                                                                                                • Opcode Fuzzy Hash: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                • Instruction Fuzzy Hash: F4E0E53110CF9156E61457309E08F5F2AD8EF86715F05493EF892B10C0CBB848068E6A
                                                                                                                APIs
                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 004069DB
                                                                                                                • GetExitCodeProcess.KERNELBASE(?,?), ref: 004069E8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ObjectSingleWait$CodeExitProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 2567322000-0
                                                                                                                • Opcode ID: 5001a44abd0e5b0949431453b9a2c42ce6d4f473903e6ae1ef305ee8f225f71a
                                                                                                                • Instruction ID: f5f2e02d25af80b97bb350a16654da7f97250589dc800b1049f4071f8343982b
                                                                                                                • Opcode Fuzzy Hash: 5001a44abd0e5b0949431453b9a2c42ce6d4f473903e6ae1ef305ee8f225f71a
                                                                                                                • Instruction Fuzzy Hash: 0CE0D8B1A00118FBDB109F54DE05E9E7B6EDF44750F110033FA01B6590D7B19E25DB94
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000408,?,00000000,004040D1), ref: 00404490
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID: x
                                                                                                                • API String ID: 3850602802-2363233923
                                                                                                                APIs
                                                                                                                • RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: CloseQueryValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3356406503-0
                                                                                                                APIs
                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                APIs
                                                                                                                • RegDeleteValueW.KERNELBASE(00000000,00000000,00000033), ref: 00402456
                                                                                                                • RegCloseKey.KERNELBASE(00000000), ref: 0040245F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: CloseDeleteValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 2831762973-0
                                                                                                                APIs
                                                                                                                • OleInitialize.OLE32(00000000), ref: 00405682
                                                                                                                  • Part of subcall function 004044E5: SendMessageW.USER32(000705FE,00000000,00000000,00000000), ref: 004044F7
                                                                                                                • CoUninitialize.COMBASE(00000404,00000000,?,00000000,?), ref: 004056CE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: InitializeMessageSendUninitialize
                                                                                                                • String ID:
                                                                                                                • API String ID: 2896919175-0
                                                                                                                APIs
                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Window$EnableShow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1136574915-0
                                                                                                                APIs
                                                                                                                • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                • CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 3712363035-0
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                  • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                  • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                                                                  • Part of subcall function 0040689A: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 2547128583-0
                                                                                                                APIs
                                                                                                                • GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: File$AttributesCreate
                                                                                                                • String ID:
                                                                                                                • API String ID: 415043291-0
                                                                                                                APIs
                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00406021
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 3188754299-0
                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,00403A5E,?), ref: 00403B1D
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\, xrefs: 00403B31
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\
                                                                                                                • API String ID: 2962429428-3105179939
                                                                                                                APIs
                                                                                                                • CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                • GetLastError.KERNEL32 ref: 00405AFF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: CreateDirectoryErrorLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 1375471231-0
                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004028AF
                                                                                                                  • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: FilePointerwsprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 327478801-0
                                                                                                                APIs
                                                                                                                • FindNextFileW.KERNELBASE(00000000,?,?), ref: 004028F2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: FileFindNext
                                                                                                                • String ID:
                                                                                                                • API String ID: 2029273394-0
                                                                                                                APIs
                                                                                                                • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 00406401
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Create
                                                                                                                • String ID:
                                                                                                                • API String ID: 2289755597-0
                                                                                                                • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                • Instruction ID: ccab944935cfefb85f0e849ce69279fb55db75a3b7fb0960311cd9d36817041a
                                                                                                                • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                • Instruction Fuzzy Hash: 04E0E6B2010109BFEF095F90DC0AD7B3B1DE704300F01892EFD06D4091E6B5AD306675
                                                                                                                APIs
                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2542262474.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542321013.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542558441.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 3934441357-0
                                                                                                                • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                • Instruction ID: d8d859634201a592f38c73999a999f352708a9e59580de02994c407fa40ca669
                                                                                                                • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                • Instruction Fuzzy Hash: FAE08C3220026AABEF109E60DC04AEB3B6CFB00360F014837FA16E7081E270E93087A4
                                                                                                                APIs
                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 2738559852-0
                                                                                                                • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                • Instruction ID: 1583d2e05e1cff28e3594e7db3f0db2d88eef65457287744bb544c492d9958e5
                                                                                                                • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                • Instruction Fuzzy Hash: AEE0EC322502AAABDF10AE65DC04AEB7B6CEB05361F018936FD16E6150E631E92197A4
                                                                                                                APIs
                                                                                                                • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406438,?,00000000,?,?,Remove folder: ,?), ref: 004063CE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Open
                                                                                                                • String ID:
                                                                                                                • API String ID: 71445658-0
                                                                                                                • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                • Instruction ID: 4361357c0318622cec318f667d88df30c4c29b75262f7bca7234b06b46464da2
                                                                                                                • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                • Instruction Fuzzy Hash: 83D0123210020EBBDF115F91AD01FAB3B5DAB08310F014426FE06E40A1D775D530A764
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                  • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000), ref: 00406779
                                                                                                                • SetDlgItemTextW.USER32(?,?,00000000), ref: 004044B3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ItemTextlstrcatlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 281422827-0
                                                                                                                • Opcode ID: 90e9d348aac44dd859050291e9807f2f15480ffb268b4e012463b180631e3b26
                                                                                                                • Instruction ID: 6ac98b26730712a62f5b3967fa7f39b4c61dbbfa6ef1674fce18da22a1fc1fc0
                                                                                                                • Opcode Fuzzy Hash: 90e9d348aac44dd859050291e9807f2f15480ffb268b4e012463b180631e3b26
                                                                                                                • Instruction Fuzzy Hash: D3C08C35008200BFD641A714EC42F0FB7A8FFA031AF00C42EB05CA10D1C63494208A2A
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(000705FE,00000000,00000000,00000000), ref: 004044F7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                • Opcode ID: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                • Instruction ID: 729772cd993a62bf3dcd5a53f5ba0c6067f9c4589e443fe2cdcdd0dddf41cb53
                                                                                                                • Opcode Fuzzy Hash: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                • Instruction Fuzzy Hash: 74C04CB1740605BADA108B509D45F0677546750701F188429B641A50E0CA74E410D62C
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                • Opcode ID: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                • Instruction ID: f9270ce27bc2d5d500308faa7c43699bdd9cec228278350af1c7ef3a72e6c056
                                                                                                                • Opcode Fuzzy Hash: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                • Instruction Fuzzy Hash: 4FB01235181A00FBDE514B00DE09F857E62F7E4701F058038F341240F0CBB200A4DB08
                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FilePointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 973152223-0
                                                                                                                • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                APIs
                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 2492992576-0
                                                                                                                • Opcode ID: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                • Instruction ID: 0db23a64e3c973129ccb7351ad80e5cfa0365495cc8a336c35755b545d17f2be
                                                                                                                • Opcode Fuzzy Hash: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                • Instruction Fuzzy Hash: 74A00275508601DBDE115B51DF09D057B71A7547017414579A18551034C6314461EB5D
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000,00425020,774D23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000,00425020,774D23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                  • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00403418,00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000,00425020,774D23A0), ref: 004055FA
                                                                                                                  • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\), ref: 0040560C
                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                  • Part of subcall function 00405B20: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                  • Part of subcall function 00405B20: CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                • CloseHandle.KERNELBASE(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                  • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                  • Part of subcall function 004069B5: GetExitCodeProcess.KERNELBASE(?,?), ref: 004069E8
                                                                                                                  • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 2972824698-0
                                                                                                                • Opcode ID: ce2c2b897b5b7a5940bd958f4af0b0a61f650836c27f4d249739cb61e324a33b
                                                                                                                • Instruction ID: a015d294fcb9cc4e365613bb9e09bf6e78b00889af70ee47f703a6c6056ea9c8
                                                                                                                • Opcode Fuzzy Hash: ce2c2b897b5b7a5940bd958f4af0b0a61f650836c27f4d249739cb61e324a33b
                                                                                                                • Instruction Fuzzy Hash: 2DF09072904112EBCB21BBA59A84EDE76E8DF01318F25403BE102B21D1D77C4E429A6E
                                                                                                                APIs
                                                                                                                • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Sleep
                                                                                                                • String ID:
                                                                                                                • API String ID: 3472027048-0
                                                                                                                • Opcode ID: 0247c60e4c81cd0d93bf07655b107266fb29897d22759340ec027b86c090604d
                                                                                                                • Instruction ID: 7e4bd3fa72896d3e54e8b4d9ea8ddceac118c8145159a7c2ee745a60f6c60e84
                                                                                                                • Opcode Fuzzy Hash: 0247c60e4c81cd0d93bf07655b107266fb29897d22759340ec027b86c090604d
                                                                                                                • Instruction Fuzzy Hash: 8DD0A773B141018BD704EBFCFE8545E73E8EB503293208C37D402E10D1E678C846461C
                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32(?,000003FB), ref: 004049D9
                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                                                                • lstrcmpiW.KERNEL32(Remove folder: ,0042D268,00000000,?,?), ref: 00404AF1
                                                                                                                • lstrcatW.KERNEL32(?,Remove folder: ), ref: 00404AFD
                                                                                                                • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F
                                                                                                                  • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                                                                  • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,774D3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                  • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                  • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,774D3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                  • Part of subcall function 004067C4: CharPrevW.USER32(?,?,774D3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                                                                  • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                  • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                                                                  • Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                • String ID: A$C:\Program Files\Wildix\WIService$Remove folder:
                                                                                                                • API String ID: 2624150263-2916885083
                                                                                                                • Opcode ID: fab986b41fe51bcb83dfe55d65232c7215597a26c5e3df290e301c6af6088bb7
                                                                                                                • Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
                                                                                                                • Opcode Fuzzy Hash: fab986b41fe51bcb83dfe55d65232c7215597a26c5e3df290e301c6af6088bb7
                                                                                                                • Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                                                                • Instruction ID: 3db1d01f4341fbbb805040525b4c18df43ce82c239752998d09602440244d977
                                                                                                                • Opcode Fuzzy Hash: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                                                                • Instruction Fuzzy Hash: FEE18A71A0070ADFCB24CF59D880BAABBF5FB44305F15852EE496A72D1D338AA91CF45
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                                                                • Instruction ID: 4d3fc1c80ea15bf86cc2801d6424e98614acddb7a54358772128df9d71e60e61
                                                                                                                • Opcode Fuzzy Hash: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                                                                • Instruction Fuzzy Hash: C6C14871E042599BCF18CF68C8905EEBBB2BF88314F25866AD85677380D7347941CF95
                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32(?,000003F9), ref: 00404F1E
                                                                                                                • GetDlgItem.USER32(?,00000408), ref: 00404F29
                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                                                                • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
                                                                                                                • SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                                                                • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                                                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                                                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                                                                • DeleteObject.GDI32(00000000), ref: 00405000
                                                                                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                                                                • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                                                                  • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                                                                                                                • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                                                                • GlobalFree.KERNEL32(?), ref: 00405340
                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                                                                • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                                                                • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                                                                • GetDlgItem.USER32(?,000003FE), ref: 004054F5
                                                                                                                • ShowWindow.USER32(00000000), ref: 004054FC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2542262474.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542321013.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542558441.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                • String ID: $M$N
                                                                                                                • API String ID: 2564846305-813528018
                                                                                                                APIs
                                                                                                                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 0040470A
                                                                                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                                                                • GetSysColor.USER32(?), ref: 00404738
                                                                                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                                                                • lstrlenW.KERNEL32(?), ref: 00404759
                                                                                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                                                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                                                                • GetDlgItem.USER32(?,0000040A), ref: 004047D4
                                                                                                                • SendMessageW.USER32(00000000), ref: 004047DB
                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 00404806
                                                                                                                • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                                                                • SetCursor.USER32(00000000), ref: 0040485A
                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                                                                • SetCursor.USER32(00000000), ref: 00404876
                                                                                                                • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                • String ID: N$Remove folder:
                                                                                                                • API String ID: 3103080414-3051863454
                                                                                                                APIs
                                                                                                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                • String ID: F
                                                                                                                • API String ID: 941294808-1304234792
                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                                                • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                                                  • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                  • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                                                                • wsprintfA.USER32 ref: 00406202
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                                                • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 004062EB
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                                                                  • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                  • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                • String ID: %ls=%ls$[Rename]
                                                                                                                • API String ID: 2171350718-461813615
                                                                                                                APIs
                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                                                                • GetSysColor.USER32(00000000), ref: 0040455B
                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                                                                • SetBkMode.GDI32(?,?), ref: 00404573
                                                                                                                • GetSysColor.USER32(?), ref: 00404586
                                                                                                                • SetBkColor.GDI32(?,?), ref: 00404596
                                                                                                                • DeleteObject.GDI32(?), ref: 004045B0
                                                                                                                • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2320649405-0
                                                                                                                • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                • Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
                                                                                                                • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                • Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54
                                                                                                                APIs
                                                                                                                • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                  • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                • String ID: 9
                                                                                                                • API String ID: 163830602-2366072709
                                                                                                                • Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                • Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
                                                                                                                • Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                • Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58
                                                                                                                APIs
                                                                                                                • CharNextW.USER32(?,*?|<>/":,00000000,00000000,774D3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                • CharNextW.USER32(?,00000000,774D3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                • CharPrevW.USER32(?,?,774D3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Char$Next$Prev
                                                                                                                • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                • API String ID: 589700163-2950451457
                                                                                                                • Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                • Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
                                                                                                                • Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                • Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                                                                • GetMessagePos.USER32 ref: 00404E77
                                                                                                                • ScreenToClient.USER32(?,?), ref: 00404E91
                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                • String ID: f
                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                • Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
                                                                                                                • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                • Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5
                                                                                                                APIs
                                                                                                                • GetDC.USER32(?), ref: 00401E51
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                  • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                  • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\,00000000), ref: 00406779
                                                                                                                • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                • String ID: MS Shell Dlg
                                                                                                                • API String ID: 2584051700-76309092
                                                                                                                • Opcode ID: 0465d2832808ea9d6fff4b9245e4cab849096788d5b9b76ed02900a81bf07427
                                                                                                                • Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
                                                                                                                • Opcode Fuzzy Hash: 0465d2832808ea9d6fff4b9245e4cab849096788d5b9b76ed02900a81bf07427
                                                                                                                • Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED
                                                                                                                APIs
                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                • MulDiv.KERNEL32(01858A60,00000064,0185B4D8), ref: 00402FDC
                                                                                                                • wsprintfW.USER32 ref: 00402FEC
                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                                                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                                                                Strings
                                                                                                                • verifying installer: %d%%, xrefs: 00402FE6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                • String ID: verifying installer: %d%%
                                                                                                                • API String ID: 1451636040-82062127
                                                                                                                • Opcode ID: 34baaeb4f482044ab67dd7918236f7f229881b82dd6befd7adca30260b95ec65
                                                                                                                • Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
                                                                                                                • Opcode Fuzzy Hash: 34baaeb4f482044ab67dd7918236f7f229881b82dd6befd7adca30260b95ec65
                                                                                                                • Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69
                                                                                                                APIs
                                                                                                                • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                • wsprintfW.USER32 ref: 00404DF0
                                                                                                                • SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2542262474.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542321013.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542558441.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                • String ID: %u.%u%s%s
                                                                                                                • API String ID: 3540041739-3551169577
                                                                                                                • Opcode ID: ef5a487acd93c416279d422af54232d8d0333c49029b07dfc4f1175e68c26d0a
                                                                                                                • Instruction ID: d7f2b51e3f2153b105aad6c1cbcae815e44f670c765de83d30fbb221df5484fa
                                                                                                                • Opcode Fuzzy Hash: ef5a487acd93c416279d422af54232d8d0333c49029b07dfc4f1175e68c26d0a
                                                                                                                • Instruction Fuzzy Hash: AC11D573A041283BDB10656DAC45E9E369CAF81334F254237FA66F21D1EA78D91182E8
                                                                                                                APIs
                                                                                                                • CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\, 4Mw,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,774D3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                • CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                • CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharNext
                                                                                                                • String ID: C:\
                                                                                                                • API String ID: 3213498283-3404278061
                                                                                                                • Opcode ID: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                • Instruction ID: b7f7aa27055ddc775a1b47344aef2f77b81fec2ea34db2f3ccdabfa21b6bce3d
                                                                                                                • Opcode Fuzzy Hash: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                • Instruction Fuzzy Hash: 7BF0F631810E1296DB317B548C44E7B97BCEB64354B04843BD741B71C0D3BC8D808BDA
                                                                                                                APIs
                                                                                                                • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
                                                                                                                • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
                                                                                                                • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                • API String ID: 2659869361-2145255484
                                                                                                                • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                • Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
                                                                                                                • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                • Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD
                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\System.dll), ref: 00402695
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: lstrlen
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp$C:\Users\user\AppData\Local\Temp\nsfFF8C.tmp\System.dll
                                                                                                                • API String ID: 1659193697-4165145033
                                                                                                                • Opcode ID: fbd5ee5e4de60feb08ffa62b35b3018c7a91bb86716aa8782bbd76b946f17d50
                                                                                                                • Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
                                                                                                                • Opcode Fuzzy Hash: fbd5ee5e4de60feb08ffa62b35b3018c7a91bb86716aa8782bbd76b946f17d50
                                                                                                                • Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E
                                                                                                                APIs
                                                                                                                • DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                                                                                                                • GetTickCount.KERNEL32 ref: 0040304A
                                                                                                                • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
                                                                                                                • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                • String ID:
                                                                                                                • API String ID: 2102729457-0
                                                                                                                • Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                • Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
                                                                                                                • Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                • Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D
                                                                                                                APIs
                                                                                                                • IsWindowVisible.USER32(?), ref: 00405542
                                                                                                                • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                                                                                                                  • Part of subcall function 004044E5: SendMessageW.USER32(000705FE,00000000,00000000,00000000), ref: 004044F7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                • String ID:
                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                • Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                • Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
                                                                                                                • Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                • Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69
                                                                                                                APIs
                                                                                                                • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00405E5E
                                                                                                                • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,C:\Users\user\Desktop\3.19.1+SetupWIService.exe,80000000,00000003), ref: 00405E6E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharPrevlstrlen
                                                                                                                • String ID: C:\Users\user\Desktop
                                                                                                                • API String ID: 2709904686-3080008178
                                                                                                                • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                • Instruction ID: d2786f61c86b799b8b6ecf14661ff9643eaf9d362a95097130d0805b1e4d2bc4
                                                                                                                • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                • Instruction Fuzzy Hash: 36D0A7B3410D20DAC3126718DC04DAF73ECFF6134074A442AF481A71A4D7785E8186ED
                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
                                                                                                                • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2542290299.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2542262474.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542321013.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542347695.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.2542558441.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_3.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                • String ID:
                                                                                                                • API String ID: 190613189-0
                                                                                                                • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                • Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
                                                                                                                • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                • Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:3.7%
                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                Signature Coverage:0.3%
                                                                                                                Total number of Nodes:1036
                                                                                                                Total number of Limit Nodes:82
39822->39820 39823->39825 39827 7ff82754d49f _DeleteExceptionPtr 39823->39827 39828 7ff82754d4c7 39823->39828 39824 7ff82754d50a 39831 7ff82753a0d0 39824->39831 39825->39824 39930 7ff8275389e0 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task _DeleteExceptionPtr 39825->39930 39928 7ff82754adc0 54 API calls 39827->39928 39929 7ff82754adc0 54 API calls 39828->39929 39832 7ff82753a180 39831->39832 39833 7ff82753a0f4 39831->39833 39832->39745 39931 7ff8275375a0 93 API calls 39833->39931 39835 7ff82753a101 39836 7ff82753a16d 39835->39836 39838 7ff82753a1a9 _DeleteExceptionPtr 39835->39838 39836->39832 39932 7ff8275389e0 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task _DeleteExceptionPtr 39836->39932 39933 7ff8275a1ddc RtlPcToFileHeader RaiseException 39838->39933 39841 7ff82753a5f4 39966 7ff827533150 54 API calls _Maklocstr 39841->39966 39844 7ff82753a5f9 39848 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 39844->39848 39847 7ff827533180 std::bad_exception::bad_exception 54 API calls 39860 7ff82753a1fc _Maklocstr std::bad_exception::bad_exception 39847->39860 39850 7ff82753a5ff 39848->39850 39849 7ff827536d20 54 API calls 39849->39860 39851 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 39850->39851 39852 7ff82753a605 39851->39852 39857 7ff82753a583 39858 7ff827590080 DName::DName 8 API calls 39857->39858 39859 7ff82753a59d 39858->39859 39859->39745 39860->39841 39860->39844 39860->39847 39860->39849 39860->39850 39860->39857 39861 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 39860->39861 39934 7ff82753f6b0 54 API calls 39860->39934 39935 7ff827536df0 62 API calls _Maklocstr 39860->39935 39936 7ff827535a60 93 API calls 2 library calls 39860->39936 39937 7ff827533270 39860->39937 39962 7ff827537f30 52 API calls _Receive_impl 39860->39962 39963 7ff82758fed8 5 API calls shared_ptr 39860->39963 39964 7ff82758fd38 55 API calls shared_ptr 39860->39964 39965 7ff82758fe78 EnterCriticalSection 
LeaveCriticalSection SetEvent ResetEvent 39860->39965 39861->39860 39862->39747 39863->39731 39865->39709 39869 7ff827595426 39868->39869 39870 7ff827595419 39868->39870 39883 7ff82758fed8 5 API calls shared_ptr 39869->39883 39879 7ff82759a9f0 TlsGetValue 39870->39879 39880->39774 39885 7ff82754f268 39884->39885 39886 7ff8275939ec 39884->39886 39885->39731 39885->39785 39906 7ff8275a1490 39886->39906 39888 7ff827593a11 AcquireSRWLockShared 39889 7ff827593b30 ReleaseSRWLockShared 39888->39889 39890 7ff827593a2d 39888->39890 39889->39885 39909 7ff827592bd0 39890->39909 39891 7ff8275939f5 39891->39888 39893 7ff8275a1490 TlsGetValue 39891->39893 39895 7ff827593a0e 39893->39895 39895->39888 39896 7ff827593b1d 39896->39889 39897 7ff827593a80 39900 7ff827593ad4 39897->39900 39912 7ff827594130 54 API calls 4 library calls 39897->39912 39898 7ff827593ab6 39913 7ff827594130 54 API calls 4 library calls 39898->39913 39901 7ff827593b13 39900->39901 39903 7ff827593aec 39900->39903 39914 7ff827592fd0 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 39901->39914 39905 7ff827593b04 ReleaseSRWLockShared 39903->39905 39905->39885 39915 7ff8275a13e0 TlsGetValue 39906->39915 39908 7ff8275a1499 39908->39891 39916 7ff827592dc0 39909->39916 39912->39897 39913->39900 39914->39896 39915->39908 39918 7ff827592df1 std::bad_alloc::bad_alloc 39916->39918 39917 7ff827592bf5 39917->39896 39917->39897 39917->39898 39918->39917 39921 7ff8275a1ddc RtlPcToFileHeader RaiseException 39918->39921 39920 7ff827592f2b 39921->39920 39922->39794 39923->39796 39924->39809 39925->39812 39926->39815 39927->39817 39928->39825 39929->39825 39930->39824 39931->39835 39932->39832 39933->39860 39934->39860 39935->39860 39936->39860 39938 7ff8275332b5 39937->39938 39951 7ff827533294 _Maklocstr 39937->39951 39939 7ff8275332c8 39938->39939 39940 7ff8275333be 39938->39940 39942 7ff827533311 39939->39942 39945 7ff82753333d 39939->39945 39946 7ff827533304 39939->39946 39967 7ff827533150 54 API 
calls _Maklocstr 39940->39967 39944 7ff82758f98c _Maklocstr 4 API calls 39942->39944 39943 7ff8275333c3 39968 7ff827533130 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 39943->39968 39950 7ff827533326 _Maklocstr 39944->39950 39948 7ff82758f98c _Maklocstr 4 API calls 39945->39948 39945->39950 39946->39942 39946->39943 39948->39950 39949 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 39958 7ff8275333cf 39949->39958 39950->39949 39950->39951 39951->39860 39952 7ff827533270 85 API calls 39952->39958 39953 7ff8275af500 52 API calls _invalid_parameter_noinfo_noreturn 39953->39958 39954 7ff827540950 57 API calls 39954->39958 39958->39952 39958->39953 39958->39954 39959 7ff8275336e9 39958->39959 39969 7ff827532420 54 API calls 3 library calls 39958->39969 39970 7ff8275384b0 39958->39970 39987 7ff827538b40 69 API calls 5 library calls 39958->39987 39960 7ff827590080 DName::DName 8 API calls 39959->39960 39961 7ff82753374f 39960->39961 39961->39860 39962->39860 39964->39860 39969->39958 39971 7ff8275384df 39970->39971 39972 7ff827538523 39970->39972 39971->39958 39990 7ff82758fed8 5 API calls shared_ptr 39972->39990 39987->39958 39991 7ff827544aa0 GetCurrentThreadId 39992 7ff827544ace 39991->39992 39993 7ff827544b36 39992->39993 39999 7ff827542910 39992->39999 40000 7ff8275a1490 TlsGetValue 39999->40000 40001 7ff827542940 40000->40001 40002 7ff827542950 AcquireSRWLockShared 40001->40002 40006 7ff8275429a4 40001->40006 40003 7ff82758f98c _Maklocstr 4 API calls 40002->40003 40004 7ff82754296d 40003->40004 40005 7ff82754298b ReleaseSRWLockShared 40004->40005 40020 7ff827546ac0 62 API calls 40004->40020 40010 7ff8275a1490 TlsGetValue 40005->40010 40009 7ff82753a0d0 93 API calls 40006->40009 40011 7ff8275429e9 40009->40011 40010->40006 40017 7ff827598e30 40011->40017 40018 7ff827598e37 40017->40018 40019 7ff827598e3a OutputDebugStringA 40017->40019 40018->40019 40020->40005 40021 7ff8275535d0 40028 7ff8275b5e3c 40021->40028 40025 7ff827553642 
40026 7ff827590080 DName::DName 8 API calls 40025->40026 40027 7ff82755368e 40026->40027 40034 7ff8275c14e4 40028->40034 40031 7ff827553609 40033 7ff8275b662c 57 API calls _Wcsftime 40031->40033 40033->40025 40072 7ff8275c1b40 GetLastError 40034->40072 40036 7ff8275c14ef 40037 7ff8275b5e53 40036->40037 40042 7ff8275c1513 40036->40042 40090 7ff8275c7a24 40036->40090 40037->40031 40043 7ff8275b5b3c 40037->40043 40042->40037 40098 7ff8275b531c 11 API calls std::_Stodx_v2 40042->40098 40044 7ff8275b5b52 40043->40044 40045 7ff8275b5b6d 40043->40045 40110 7ff8275b531c 11 API calls std::_Stodx_v2 40044->40110 40045->40044 40047 7ff8275b5b86 40045->40047 40049 7ff8275b5b8c 40047->40049 40052 7ff8275b5ba9 40047->40052 40048 7ff8275b5b57 40111 7ff8275af4e0 52 API calls _invalid_parameter_noinfo 40048->40111 40112 7ff8275b531c 11 API calls std::_Stodx_v2 40049->40112 40104 7ff8275c6d84 40052->40104 40055 7ff8275b5e23 40057 7ff8275af530 _invalid_parameter_noinfo_noreturn 17 API calls 40055->40057 40059 7ff8275b5e38 40057->40059 40058 7ff8275b5bd4 40058->40055 40114 7ff8275c6de4 52 API calls 2 library calls 40058->40114 40061 7ff8275c14e4 12 API calls 40059->40061 40063 7ff8275b5e53 40061->40063 40062 7ff8275b5be5 40062->40055 40064 7ff8275b5bed 40062->40064 40065 7ff8275b5e68 40063->40065 40066 7ff8275b5b3c 53 API calls 40063->40066 40067 7ff8275b5c66 40064->40067 40068 7ff8275b5c06 40064->40068 40065->40031 40066->40065 40071 7ff8275b5b63 40067->40071 40116 7ff8275c79c4 52 API calls _isindst 40067->40116 40068->40071 40115 7ff8275c79c4 52 API calls _isindst 40068->40115 40071->40031 40073 7ff8275c1b81 FlsSetValue 40072->40073 40078 7ff8275c1b64 40072->40078 40074 7ff8275c1b93 40073->40074 40075 7ff8275c1b71 40073->40075 40099 7ff8275c35e4 11 API calls 3 library calls 40074->40099 40076 7ff8275c1bed SetLastError 40075->40076 40076->40036 40078->40073 40078->40075 40079 7ff8275c1ba2 40080 7ff8275c1bc0 FlsSetValue 40079->40080 40081 7ff8275c1bb0 FlsSetValue 40079->40081 40082 
7ff8275c1bde 40080->40082 40083 7ff8275c1bcc FlsSetValue 40080->40083 40084 7ff8275c1bb9 40081->40084 40101 7ff8275c1734 11 API calls std::_Stodx_v2 40082->40101 40083->40084 40100 7ff8275c35a8 11 API calls 2 library calls 40084->40100 40087 7ff8275c1be6 40102 7ff8275c35a8 11 API calls 2 library calls 40087->40102 40088 7ff8275c1bbe 40088->40075 40091 7ff8275c7a6f 40090->40091 40095 7ff8275c7a33 _Wcsftime 40090->40095 40103 7ff8275b531c 11 API calls std::_Stodx_v2 40091->40103 40093 7ff8275c7a56 HeapAlloc 40094 7ff8275c1508 40093->40094 40093->40095 40097 7ff8275c35a8 11 API calls 2 library calls 40094->40097 40095->40091 40095->40093 40096 7ff8275bfec8 _Maklocstr 2 API calls 40095->40096 40096->40095 40097->40042 40098->40037 40099->40079 40100->40088 40101->40087 40102->40076 40103->40094 40105 7ff8275b5bc3 40104->40105 40106 7ff8275c6d8d 40104->40106 40105->40055 40113 7ff8275c6db4 52 API calls 2 library calls 40105->40113 40117 7ff8275b531c 11 API calls std::_Stodx_v2 40106->40117 40108 7ff8275c6d92 40118 7ff8275af4e0 52 API calls _invalid_parameter_noinfo 40108->40118 40110->40048 40111->40071 40112->40071 40113->40058 40114->40062 40115->40071 40116->40071 40117->40108 40118->40105 40119 7ff8275351c4 40120 7ff8275351cf 40119->40120 40121 7ff827533270 85 API calls 40120->40121 40123 7ff8275351df 40121->40123 40122 7ff827535222 40126 7ff82753524a 40122->40126 40127 7ff8275352a8 40122->40127 40123->40122 40124 7ff827535340 40123->40124 40125 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40124->40125 40128 7ff827535345 40125->40128 40134 7ff82753528a 40126->40134 40190 7ff827532660 40126->40190 40129 7ff827532660 54 API calls 40127->40129 40132 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40128->40132 40129->40134 40133 7ff82753534b OutputDebugStringA 40132->40133 40138 7ff8275353e4 40133->40138 40134->40128 40136 7ff827535314 40134->40136 40135 7ff827590080 DName::DName 8 API calls 40137 7ff82753532f 40135->40137 40136->40135 40139 
7ff827533270 85 API calls 40138->40139 40140 7ff82753540f 40138->40140 40139->40140 40141 7ff82753545b 40140->40141 40143 7ff8275357cc 40140->40143 40203 7ff827540950 40141->40203 40146 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40143->40146 40144 7ff827535490 40223 7ff827531dd0 40144->40223 40148 7ff8275357d1 40146->40148 40151 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40148->40151 40149 7ff8275354f3 40150 7ff8275384b0 71 API calls 40149->40150 40152 7ff8275354fd 40150->40152 40157 7ff82753551c 40151->40157 40153 7ff827540950 57 API calls 40152->40153 40155 7ff827535510 40153->40155 40154 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40160 7ff82753555b 40154->40160 40236 7ff82753aa90 40155->40236 40157->40154 40157->40160 40161 7ff827535588 40160->40161 40241 7ff82758fed8 5 API calls shared_ptr 40160->40241 40162 7ff827532660 54 API calls 40161->40162 40165 7ff8275356fb 40162->40165 40166 7ff82753574d 40165->40166 40170 7ff827535855 40165->40170 40169 7ff827590080 DName::DName 8 API calls 40166->40169 40173 7ff8275357bb 40169->40173 40172 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40170->40172 40174 7ff82753585a 40172->40174 40175 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40174->40175 40176 7ff827535860 40175->40176 40177 7ff827533270 85 API calls 40176->40177 40179 7ff827535918 40176->40179 40177->40179 40178 7ff827535964 40242 7ff827532cc0 54 API calls 4 library calls 40178->40242 40179->40178 40181 7ff827535a51 40179->40181 40182 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40181->40182 40183 7ff827535a56 40182->40183 40186 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40183->40186 40184 7ff8275359e8 40184->40183 40185 7ff827535a30 40184->40185 40187 7ff827590080 DName::DName 8 API calls 40185->40187 40189 7ff827535a5c 40186->40189 40188 7ff827535a46 40187->40188 40191 7ff8275326e1 40190->40191 40191->40191 40192 7ff827567a60 
std::bad_exception::bad_exception 54 API calls 40191->40192 40193 7ff827532729 40192->40193 40194 7ff8275327b3 40193->40194 40196 7ff827532816 40193->40196 40195 7ff8275327f3 40194->40195 40199 7ff82753281b 40194->40199 40197 7ff827590080 DName::DName 8 API calls 40195->40197 40198 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40196->40198 40200 7ff827532809 DisableThreadLibraryCalls 40197->40200 40198->40199 40201 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40199->40201 40200->40134 40202 7ff827532821 40201->40202 40204 7ff827540b21 40203->40204 40205 7ff82754097e 40203->40205 40204->40144 40205->40204 40206 7ff8275409a3 WideCharToMultiByte 40205->40206 40206->40204 40207 7ff8275409d5 40206->40207 40208 7ff827540b69 40207->40208 40209 7ff827540a29 40207->40209 40210 7ff8275409ff 40207->40210 40243 7ff8275400d0 54 API calls _Maklocstr 40208->40243 40213 7ff82758f98c _Maklocstr 4 API calls 40209->40213 40212 7ff827540b6f 40210->40212 40214 7ff82758f98c _Maklocstr 4 API calls 40210->40214 40244 7ff827533130 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 40212->40244 40218 7ff827540a12 memcpy_s 40213->40218 40214->40218 40217 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40217->40208 40219 7ff827540a74 WideCharToMultiByte 40218->40219 40222 7ff827540ad1 40218->40222 40220 7ff827540aa0 40219->40220 40219->40222 40221 7ff827540aa4 WideCharToMultiByte 40220->40221 40220->40222 40221->40222 40222->40204 40222->40217 40224 7ff827531e1c 40223->40224 40225 7ff827567a60 std::bad_exception::bad_exception 54 API calls 40224->40225 40226 7ff827531eab 40225->40226 40227 7ff827531f35 40226->40227 40230 7ff827531f98 40226->40230 40228 7ff827531f75 40227->40228 40231 7ff827531f9d 40227->40231 40229 7ff827590080 DName::DName 8 API calls 40228->40229 40232 7ff827531f8b 40229->40232 40233 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40230->40233 40234 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API 
calls 40231->40234 40232->40148 40232->40149 40233->40231 40235 7ff827531fa3 40234->40235 40237 7ff827531dd0 54 API calls 40236->40237 40239 7ff82753aac3 40237->40239 40238 7ff82753aae1 40238->40157 40239->40238 40240 7ff827533270 85 API calls 40239->40240 40240->40238 40242->40184 40245 7ff827534195 40247 7ff82753419f 40245->40247 40246 7ff8275341d3 40249 7ff827590080 DName::DName 8 API calls 40246->40249 40247->40246 40248 7ff827534200 40247->40248 40251 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40248->40251 40250 7ff8275341eb 40249->40250 40252 7ff827534205 40251->40252 40253 7ff827533270 85 API calls 40252->40253 40255 7ff8275342e8 40252->40255 40253->40255 40254 7ff827534334 40256 7ff827540950 57 API calls 40254->40256 40255->40254 40257 7ff82753461e 40255->40257 40258 7ff827534383 40256->40258 40259 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40257->40259 40295 7ff827531fb0 40258->40295 40262 7ff827534623 40259->40262 40264 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40262->40264 40263 7ff82753441a 40265 7ff8275384b0 71 API calls 40263->40265 40266 7ff827534629 40264->40266 40267 7ff827534424 40265->40267 40269 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40266->40269 40268 7ff827540950 57 API calls 40267->40268 40270 7ff82753443a 40268->40270 40271 7ff82753462f 40269->40271 40308 7ff8275399b0 40270->40308 40274 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40271->40274 40273 7ff82753445b 40273->40266 40276 7ff82753449b 40273->40276 40275 7ff827534635 40274->40275 40277 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40275->40277 40276->40271 40278 7ff8275344f7 40276->40278 40279 7ff82753463b 40277->40279 40280 7ff827590080 DName::DName 8 API calls 40278->40280 40282 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40279->40282 40281 7ff82753460b 40280->40281 40283 7ff827534641 40282->40283 40284 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API 
calls 40283->40284 40290 7ff827534647 40284->40290 40285 7ff827533270 85 API calls 40285->40290 40286 7ff827540950 57 API calls 40286->40290 40288 7ff8275384b0 71 API calls 40288->40290 40290->40285 40290->40286 40290->40288 40291 7ff82753487f 40290->40291 40292 7ff8275af500 52 API calls _invalid_parameter_noinfo_noreturn 40290->40292 40353 7ff827532230 40290->40353 40366 7ff82753b150 54 API calls 40290->40366 40293 7ff827590080 DName::DName 8 API calls 40291->40293 40292->40290 40294 7ff8275348e2 40293->40294 40296 7ff827531ffc 40295->40296 40296->40296 40297 7ff827567a60 std::bad_exception::bad_exception 54 API calls 40296->40297 40298 7ff82753212c 40297->40298 40299 7ff8275321b6 40298->40299 40301 7ff827532219 40298->40301 40300 7ff8275321f6 40299->40300 40304 7ff82753221e 40299->40304 40302 7ff827590080 DName::DName 8 API calls 40300->40302 40303 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40301->40303 40305 7ff82753220c 40302->40305 40303->40304 40306 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40304->40306 40305->40262 40305->40263 40307 7ff827532224 40306->40307 40321 7ff827539a18 memcpy_s 40308->40321 40309 7ff827539fa7 40382 7ff827535f40 54 API calls 2 library calls 40309->40382 40311 7ff827539fd0 40383 7ff827537150 52 API calls __std_exception_copy 40311->40383 40313 7ff827539fef 40385 7ff827568124 54 API calls std::locale::_Setgloballocale 40313->40385 40314 7ff827539fde 40384 7ff8275a1ddc RtlPcToFileHeader RaiseException 40314->40384 40316 7ff827539a8d 40367 7ff8275364a0 40316->40367 40319 7ff827539ff7 40386 7ff827536050 54 API calls 2 library calls 40319->40386 40321->40309 40321->40313 40321->40316 40380 7ff82753a610 99 API calls 5 library calls 40321->40380 40323 7ff827539f67 _Mtx_unlock 40328 7ff827590080 DName::DName 8 API calls 40323->40328 40324 7ff82753a023 40387 7ff827536fd0 52 API calls __std_exception_copy 40324->40387 40326 7ff827536d20 54 API calls 40352 7ff827539aba 40326->40352 40327 7ff82753a031 40388 
7ff8275a1ddc RtlPcToFileHeader RaiseException 40327->40388 40331 7ff827539f81 40328->40331 40330 7ff82753a042 40332 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40330->40332 40331->40273 40333 7ff82753a048 40332->40333 40335 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40333->40335 40334 7ff8275406c0 62 API calls 40334->40352 40336 7ff82753a04e 40335->40336 40337 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40336->40337 40338 7ff82753a054 40337->40338 40339 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40338->40339 40340 7ff82753a05a 40339->40340 40343 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40340->40343 40341 7ff82753a060 40344 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40341->40344 40342 7ff827531dd0 54 API calls 40342->40352 40343->40341 40347 7ff82753a066 40344->40347 40345 7ff827539f9c 40348 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40345->40348 40346 7ff827539fa1 40350 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40346->40350 40347->40273 40348->40346 40349 7ff827540950 57 API calls 40349->40352 40350->40309 40352->40319 40352->40323 40352->40326 40352->40330 40352->40333 40352->40334 40352->40336 40352->40338 40352->40340 40352->40341 40352->40342 40352->40345 40352->40346 40352->40349 40381 7ff827536670 54 API calls 3 library calls 40352->40381 40354 7ff82753227c 40353->40354 40355 7ff827567a60 std::bad_exception::bad_exception 54 API calls 40354->40355 40356 7ff827532335 40355->40356 40357 7ff8275323ad 40356->40357 40359 7ff827532410 40356->40359 40358 7ff8275323ed 40357->40358 40363 7ff827532415 40357->40363 40360 7ff827590080 DName::DName 8 API calls 40358->40360 40362 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40359->40362 40361 7ff827532403 40360->40361 40361->40290 40362->40363 40364 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40363->40364 40365 7ff82753241b 40364->40365 
40366->40290 40368 7ff827536520 40367->40368 40368->40368 40369 7ff827567a60 std::bad_exception::bad_exception 54 API calls 40368->40369 40370 7ff827536568 40369->40370 40371 7ff8275365f2 40370->40371 40374 7ff827536655 40370->40374 40372 7ff827536632 40371->40372 40377 7ff82753665a 40371->40377 40373 7ff827590080 DName::DName 8 API calls 40372->40373 40375 7ff827536648 40373->40375 40376 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40374->40376 40375->40352 40376->40377 40378 7ff8275af500 _invalid_parameter_noinfo_noreturn 52 API calls 40377->40378 40379 7ff827536660 40378->40379 40380->40321 40381->40352 40382->40311 40383->40314 40384->40313 40386->40324 40387->40327 40388->40330
APIs
Memory Dump Source
• Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
• Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
Similarity
• API ID: Lockitstd::_$Lockit::_Lockit::~_$GetcollGetctypeGetvals
• String ID:
• API String ID: 553569086-0
• Opcode ID: 844e453f3a7b26c993d6eacc8b01586e483ee83a9f4427985b09560889792638
• Instruction ID: 851648f67044426bb0c4908f97b1180a4fb2ace57696f0d9637330b62fb0a3fa
• Opcode Fuzzy Hash: 844e453f3a7b26c993d6eacc8b01586e483ee83a9f4427985b09560889792638
• Instruction Fuzzy Hash: 5F821725E09A4295FB96AB27DE902BCA3E2BF467C4F044535EA4E47796EF3CF4418304
Strings
Memory Dump Source
• Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
• Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
Similarity
• API ID: __tlregdtor
• String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_closeport {:#x}$monitor_configureport '{}', {:#x}, '{}'$monitor_deleteport '{}', {:#x}, '{}'$monitor_enddocport {:#x}$monitor_enumports '{}', {}, {:#x}, {}, {:#x}, {:#x}$monitor_openport '{}', {:#x}$system
• API String ID: 1373327856-976324260
• Opcode ID: c7b0ae6a849accbd1b24ce6c7f64200c0a6b1168bde5f61b158b42cfa0ce1856
• Instruction ID: 2127f95e1e56da4109b0c571812126237f6b00be443259a6acce5140fb6bd284
• Opcode Fuzzy Hash: c7b0ae6a849accbd1b24ce6c7f64200c0a6b1168bde5f61b158b42cfa0ce1856
• Instruction Fuzzy Hash: 82825162A186C641FA109B66ED553AEE351FF877D0F504631EAAD42AEADF7CF480C700

Control-flow Graph

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CallsDebugDisableLibraryOutputStringThread__tlregdtor
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$DisableThreadLibraryCalls() failed$InitializePrintMonitor '{}'$RunDllCallback {:#x}, {:#x}, {:#x} -> '{}', {}$process attach, instance {:#x}$process detach, instance {:#x}$return MONITOREX {:#x}$rundll$system$wfaxport.dll initialize
                                                                                                                • API String ID: 1380303762-3667887961
                                                                                                                • Opcode ID: 2c5d8ad6c803e5910c31e643ce9efff5f7411c1dd2cf7347156dc9c7eca61beb
                                                                                                                • Instruction ID: 248335f3ff7f15428daf1792d46fa7635af4c219b5b389f1d8580e7161093094
                                                                                                                • Opcode Fuzzy Hash: 2c5d8ad6c803e5910c31e643ce9efff5f7411c1dd2cf7347156dc9c7eca61beb
                                                                                                                • Instruction Fuzzy Hash: A0223122A18BC581EA10DB26ED443AEA361FB967D0F515236EA9D027E6DF7CF5C4C700

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$GetctypeYarn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3181430533-0
                                                                                                                • Opcode ID: a85bd2074a54993fc751f98c7e710713bfa6a3433c8b156e66419e275ced64e5
                                                                                                                • Instruction ID: eee26468892cbd7f1fa7b3329fbc688f10d381ce5c7d6ca36c7bca39afa13558
                                                                                                                • Opcode Fuzzy Hash: a85bd2074a54993fc751f98c7e710713bfa6a3433c8b156e66419e275ced64e5
                                                                                                                • Instruction Fuzzy Hash: 6BD12425A09A0285FF59AF27DE502BCA3E5FF56BC4F444539DA0D472A6EF3DB8428304

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF827548440: AcquireSRWLockExclusive.KERNEL32 ref: 00007FF82754845E
                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF827544882
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AcquireExclusiveLock_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: ($) |$FileName$S.%f$Scope$Severity$ThreadId$TimeStamp$w]G$|$|$|$:
                                                                                                                • API String ID: 3218014468-4217748407
                                                                                                                • Opcode ID: 4d991b5dbae21ddb31069fd052506c7e00d824f99f4d96ddfbb5b974929ae1dc
                                                                                                                • Instruction ID: 5b048e6340388465a7cdb95c1e0db56890b81a425fb5dbe7d1c4466b0bd4dc80
                                                                                                                • Opcode Fuzzy Hash: 4d991b5dbae21ddb31069fd052506c7e00d824f99f4d96ddfbb5b974929ae1dc
                                                                                                                • Instruction Fuzzy Hash: CE92713261AAC689DB70DF25DDA02EE7760FB81788F405536DA4D4BBA9DF38E604C740

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\utils\ServiceFilesystem.cpp$Couldn't create writable subdirectory '{}': {}$WIService$Wildix
                                                                                                                • API String ID: 3668304517-1823832745
                                                                                                                • Opcode ID: 4cf0d7ca435ab29cba9aee2d834deacd446f32cad2b8ece2b4deb5508146a8ee
                                                                                                                • Instruction ID: 4af95efae5151f292263bd85f598008e94bacd347dec272c0081102de5004a1d
                                                                                                                • Opcode Fuzzy Hash: 4cf0d7ca435ab29cba9aee2d834deacd446f32cad2b8ece2b4deb5508146a8ee
                                                                                                                • Instruction Fuzzy Hash: ABD17372A18BC685EB60CB25ED443AEA361FB967D4F509231D6DC02A99DF7CE1C5C700

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                                                                                                • String ID:
                                                                                                                • API String ID: 1405656091-0
                                                                                                                • Opcode ID: 8f42dcffa165bbfe2c7a270adee54e6e2f96542f54f90540c6355e07dcc56ef9
                                                                                                                • Instruction ID: 463c48f7d8ba2ed7643899641544f19a65c1e3e9c10b1a29120aca912596d3ac
                                                                                                                • Opcode Fuzzy Hash: 8f42dcffa165bbfe2c7a270adee54e6e2f96542f54f90540c6355e07dcc56ef9
                                                                                                                • Instruction Fuzzy Hash: 8691B2B2B042564AEB588F66CE413BCA3A1EB55BC8F449139DB0D8B789EF3CF5508740

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$AcquireLockMtx_unlockShared
                                                                                                                • String ID: !!!ERROR!!! $!!!FATAL!!! $FileName$Scope$ThreadId$Unknown error${}.{:03d} | {:<15} {}
                                                                                                                • API String ID: 1953351835-1628071256
                                                                                                                • Opcode ID: 7e99ba4f8095c05934ffecdf387682bf606bd8501efab4a83d78887133a2f6fc
                                                                                                                • Instruction ID: ced641ff1f65c943c30390faea089c312a824550cf77bedd04cb47313cc7a681
                                                                                                                • Opcode Fuzzy Hash: 7e99ba4f8095c05934ffecdf387682bf606bd8501efab4a83d78887133a2f6fc
                                                                                                                • Instruction Fuzzy Hash: 3E526862A09B8685EB218F2ADD503EDA3A1FB867D4F448232DA4D477A5DF3CF585C340

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Mtx_unlock
                                                                                                                • String ID: -$C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp$buffer has capacity of {}, while {} is needed$copy port '{}'$copy port '{}', '{}', '{}'$port level {} is not valid$size needed is {}
                                                                                                                • API String ID: 3867719841-632606356
                                                                                                                • Opcode ID: 2d52f2000935f6e63435e5294d3f0b6f364dc658146fd4dfe85ec427ec256439
                                                                                                                • Instruction ID: 871179f6e3775a5460045f7a1b145a9e16fda84247259bca3d4fac610344085e
                                                                                                                • Opcode Fuzzy Hash: 2d52f2000935f6e63435e5294d3f0b6f364dc658146fd4dfe85ec427ec256439
                                                                                                                • Instruction Fuzzy Hash: 47129E62B08B8685EF00CF66DD443ADA7A1FB467D8F505236EA5D13AE9DF78E085C300

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FolderPathProcessSpecial$CurrentErrorLastSession_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: .$SHGetSpecialFolderPathW() failed with error {}
                                                                                                                • API String ID: 2640792341-2940119500
                                                                                                                • Opcode ID: c1de4c8d56b6387d5d1ff14ac13dba0f03a904639889be44e8ef82b3af205d67
                                                                                                                • Instruction ID: c470d51c7c9090afc22a999f409819d659a86885bd60a902a7c6d9c1ff42680c
                                                                                                                • Opcode Fuzzy Hash: c1de4c8d56b6387d5d1ff14ac13dba0f03a904639889be44e8ef82b3af205d67
                                                                                                                • Instruction Fuzzy Hash: 3E41A632A09B8686EB209F22ED443AEB3A0FF867D8F404131DA5D476A5DF3CE544C700

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
• Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLast_invalid_parameter_noinfo_noreturn$AttributesCreate
                                                                                                                • String ID:
                                                                                                                • API String ID: 2181032588-0
                                                                                                                • Opcode ID: 7d658bc1296771d79d45507b157a0276056d0b92b58f7626a9807e066600f0b3
                                                                                                                • Instruction ID: cb9a9f52d9b57fe39a6d3c4a85ed76788b7571c0b10fdd27a0de632bcbe7c192
                                                                                                                • Opcode Fuzzy Hash: 7d658bc1296771d79d45507b157a0276056d0b92b58f7626a9807e066600f0b3
                                                                                                                • Instruction Fuzzy Hash: 0881C562A0868546FA109B27EE4427DE7A1AB47BE0F644731EA7D477E5DE7CF4C18300

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
• Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_openport '{}', {:#x}$system
                                                                                                                • API String ID: 3668304517-2202528157
                                                                                                                • Opcode ID: 5a4bcbad542ef0afb540b301c0fa5965c43cc73f303fd99a96c887a74714bb82
                                                                                                                • Instruction ID: 4c3986051d3f37f4802fe2359d496fc1d12d60acfcf85e0143250e08b10162b2
                                                                                                                • Opcode Fuzzy Hash: 5a4bcbad542ef0afb540b301c0fa5965c43cc73f303fd99a96c887a74714bb82
                                                                                                                • Instruction Fuzzy Hash: BD716062A1868541FA149B56EE4437EA251FB877E0F504232EAAD42BEADF7CF481C700

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
• Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: !!!FATAL!!! $FileName$Scope$ThreadId
                                                                                                                • API String ID: 0-967080973
                                                                                                                • Opcode ID: 4e1255f63a5424c12aff2119a165ed6b3e4409f8438a9b7516dbfd73cc261f37
                                                                                                                • Instruction ID: d7d565db3310b8dcebf0ae39b035f06b384b713615ca6fb12a68196ed02e2537
                                                                                                                • Opcode Fuzzy Hash: 4e1255f63a5424c12aff2119a165ed6b3e4409f8438a9b7516dbfd73cc261f37
                                                                                                                • Instruction Fuzzy Hash: F8F17A72A09B8685EB618F2ADE503EDA360FB867D4F844132DA4D47AE5DF3CE585C340

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
• Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: !!!FATAL!!! $FileName$Scope$ThreadId
                                                                                                                • API String ID: 0-967080973
                                                                                                                • Opcode ID: d43a1a34a926983430290ba7df7125675037cb552fe236f9c81a9310c05e96c3
                                                                                                                • Instruction ID: 59d0e5b90752a1c5a834061e1b3f3532ea92f0ea0d99a1737a89bce774fead46
                                                                                                                • Opcode Fuzzy Hash: d43a1a34a926983430290ba7df7125675037cb552fe236f9c81a9310c05e96c3
                                                                                                                • Instruction Fuzzy Hash: F3F16A72A09B8685EB618F2ADE503EDA360FB867D4F844132DA4D47AE5DF3CE585C340

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
• Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_openport '{}', {:#x}$system
                                                                                                                • API String ID: 3668304517-2202528157
                                                                                                                • Opcode ID: 55019143d156af845b3f99fd126a35005dc8cbb2b6df535daa8d98399302e1af
                                                                                                                • Instruction ID: 058525fce6fb4480aaecf5613f9776aa5a99eb40f64d1306688c3bd3bd97aaf9
                                                                                                                • Opcode Fuzzy Hash: 55019143d156af845b3f99fd126a35005dc8cbb2b6df535daa8d98399302e1af
                                                                                                                • Instruction Fuzzy Hash: 25716162A1868541FA149B56ED4437EA251FB877E0F504232EAAD43BEADF7CF481C700

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_enumports '{}', {}, {:#x}, {}, {:#x}, {:#x}$system
                                                                                                                • API String ID: 3668304517-3364537058
                                                                                                                • Opcode ID: ca53e50c52178fed3e973a99f0a5d00b85fae1f386794cfad5a60a69671e9c9a
                                                                                                                • Instruction ID: ff667f758d1763115238531aa3c5e3011de79438ce1e871eae6db53fa4d15c4d
                                                                                                                • Opcode Fuzzy Hash: ca53e50c52178fed3e973a99f0a5d00b85fae1f386794cfad5a60a69671e9c9a
                                                                                                                • Instruction Fuzzy Hash: FB913572A187C585EA20CB56ED443AEA351FB867D0F504235EAAD43BE9DF7CE481C700

                                                                                                                Similarity
                                                                                                                • API ID: _get_daylight_invalid_parameter_noinfo
                                                                                                                • String ID: ?$Eastern Standard Time$Eastern Summer Time
                                                                                                                • API String ID: 474895018-688781733
                                                                                                                • Opcode ID: 1f8f1853e0287c507c433fde31f4f0adba883f7869710e2a82ee3ac69dc10873
                                                                                                                • Instruction ID: 1671e821661cb27667f6c7d054c1c237e078b4ba0240ab91f76f612491e2bb49
                                                                                                                • Opcode Fuzzy Hash: 1f8f1853e0287c507c433fde31f4f0adba883f7869710e2a82ee3ac69dc10873
                                                                                                                • Instruction Fuzzy Hash: C791AE72A182538BEB248F16AD4157DFBE1FB867C0F10453EEA4993AA4DB7CF4558B00
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_openport '{}', {:#x}$system
                                                                                                                • API String ID: 3668304517-2202528157
                                                                                                                • Opcode ID: 7ca1bd24761495eee964530ec7ee32b64daa008283755ba4a70e0f6de0c42d80
                                                                                                                • Instruction ID: cfc5aa311274a765205aac633d964e408c53107e3cfcbd63aa3cbf8a3b3cc2ed
                                                                                                                • Opcode Fuzzy Hash: 7ca1bd24761495eee964530ec7ee32b64daa008283755ba4a70e0f6de0c42d80
                                                                                                                • Instruction Fuzzy Hash: 47715062A186C542FA149B56ED4536EA251FB877E0F504232EAAD43BEADF7CE481C700
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_openport '{}', {:#x}$system
                                                                                                                • API String ID: 3668304517-2202528157
                                                                                                                • Opcode ID: c8c3eb0ad650273b184d8eff6caae649ff6c7c2527569d56c66250ae953083db
                                                                                                                • Instruction ID: 982cbcb9599a6dbefb3d6d85c19e96c17c369454cea8676de268c08c565cf913
                                                                                                                • Opcode Fuzzy Hash: c8c3eb0ad650273b184d8eff6caae649ff6c7c2527569d56c66250ae953083db
                                                                                                                • Instruction Fuzzy Hash: AD611062A186C542FA149B56ED4437EE251EB877E0F504235E6AD43BE9DF7CF481C700
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: -$D$C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp
                                                                                                                • API String ID: 0-2824907369
                                                                                                                • Opcode ID: e9f282ef24ae4a1e4774fbe6107df8e206b6e1acd7932981b2cc2ebe36cbc2c7
                                                                                                                • Instruction ID: 10d7a6499cc49084692a33facfdc86367a8640b90c27dfcfdbaef93b8a832bb7
                                                                                                                • Opcode Fuzzy Hash: e9f282ef24ae4a1e4774fbe6107df8e206b6e1acd7932981b2cc2ebe36cbc2c7
                                                                                                                • Instruction Fuzzy Hash: D3512072908BC981EA258B19E9413EEB361FBDA7E0F405225DA9D537A5DF7CE181CB00
                                                                                                                APIs
                                                                                                                • CreateDirectoryExW.KERNEL32(?,?,?,?,?,?,00000000,00007FF82758DAC0), ref: 00007FF82758DC96
                                                                                                                • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,00000000,00007FF82758DAC0), ref: 00007FF82758DCAA
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF82758DAC0), ref: 00007FF82758DCC6
                                                                                                                Similarity
                                                                                                                • API ID: CreateDirectory$ErrorLast
                                                                                                                • String ID: boost::filesystem::create_directory
                                                                                                                • API String ID: 2485089472-2941204237
                                                                                                                • Opcode ID: 007bc1e7fd6e910ffc57d43d67501cef627aadd5a2bb581c2b553780733c0d17
                                                                                                                • Instruction ID: 3e1a1ed21d24da4690efbc70d504872923c94828d52ae5e260e2748b723acbab
                                                                                                                • Opcode Fuzzy Hash: 007bc1e7fd6e910ffc57d43d67501cef627aadd5a2bb581c2b553780733c0d17
                                                                                                                • Instruction Fuzzy Hash: 2A218C72A18B8583EA008B27AD4426EA3A1FF9ABC4F544232EA5C16754DF7CE5C48780
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: 1fd69918d1b78a9487610545b94b45f1a8ba85f29e19ee492c88cf7ca52c4b5f
                                                                                                                • Instruction ID: 9ada50f4a97a34b2d2d65628b0dbfa035392bd8e54c79b95d41c2aab10ba28eb
                                                                                                                • Opcode Fuzzy Hash: 1fd69918d1b78a9487610545b94b45f1a8ba85f29e19ee492c88cf7ca52c4b5f
                                                                                                                • Instruction Fuzzy Hash: C951A762A08BC541FA608B2AED453ADE351FB8A7F0F505731DAAD42AD5EF6CE485C700
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                • String ID:
                                                                                                                • API String ID: 1944019136-0
                                                                                                                • Opcode ID: 95d9086bc322ea187d19a88a063d615cdff346d377ad23e8976794a244b44ec6
                                                                                                                • Instruction ID: 841d0cbbedbc72492a548286d4a741ed0c2ab19b9ca3920d1fc25a25f575d35d
                                                                                                                • Opcode Fuzzy Hash: 95d9086bc322ea187d19a88a063d615cdff346d377ad23e8976794a244b44ec6
                                                                                                                • Instruction Fuzzy Hash: 3251C062B18B8685FB048F26DE553AC6362EB4ABD8F409231DA6D176D6DF6CF180C340
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLast$Create$AttributesCloseHandle_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 1118509424-0
                                                                                                                • Opcode ID: 9837b0598cf6e4b88df2231395c2c102c2a831a68e168d3d07daa744a7a21222
                                                                                                                • Instruction ID: 35ba78986467d2466607598f3986bab3c415adde755bfc3bc1416a9ce716b21a
                                                                                                                • Opcode Fuzzy Hash: 9837b0598cf6e4b88df2231395c2c102c2a831a68e168d3d07daa744a7a21222
                                                                                                                • Instruction Fuzzy Hash: 4A41B572A0868587F6008B26ED4426EF361FB86BE4F504331EAAD03AE5DF7CF4858700
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: boost::filesystem::create_directories
                                                                                                                • API String ID: 3668304517-2171239142
                                                                                                                • Opcode ID: dba03865d2df6df9b6de8d63bc1592751c8d103480e3bdb75d9ac8049b38e561
                                                                                                                • Instruction ID: 17cf309861a700f0a031e7cd06aa8bf5073e3eae6b7061643a586509103d506b
                                                                                                                • Opcode Fuzzy Hash: dba03865d2df6df9b6de8d63bc1592751c8d103480e3bdb75d9ac8049b38e561
                                                                                                                • Instruction Fuzzy Hash: 02E1C222E18B4196FB00CB76DD412EDA3B1FF963C8F505132EA5D56AA9EF38E585C700
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: M
                                                                                                                • API String ID: 3668304517-3664761504
                                                                                                                • Opcode ID: 3107a5008e12f65701533c098d7dea3639e10eaeca1ac7e876789de4be8b84c9
                                                                                                                • Instruction ID: 533d9f1fc637058ecc3a5873e053a415864464f71284af848117264983985d53
                                                                                                                • Opcode Fuzzy Hash: 3107a5008e12f65701533c098d7dea3639e10eaeca1ac7e876789de4be8b84c9
                                                                                                                • Instruction Fuzzy Hash: 83413562908BC941EA208B26E9413AEA351FBDA7E4F505335EAED53BD5DF3CE184C700
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: LockShared$Release$Acquire
                                                                                                                • String ID:
                                                                                                                • API String ID: 3905473038-0
                                                                                                                • Opcode ID: 2e590f2674aa9b0812288af86a94b220a4f21484616eac7f13533fbd86756e4d
                                                                                                                • Instruction ID: ad761f7bbff4c9b3364210d0af6c8b2abde4b70b3e2cf8b50758b5b8999d7a86
                                                                                                                • Opcode Fuzzy Hash: 2e590f2674aa9b0812288af86a94b220a4f21484616eac7f13533fbd86756e4d
                                                                                                                • Instruction Fuzzy Hash: 50416022619681C6EA10DB52ED003AFE760FB87BC4F540031EA8E07B95DF7DE989C740
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: Lockitstd::_$Concurrency::cancel_current_taskLockit::_Lockit::~_
                                                                                                                • String ID:
                                                                                                                • API String ID: 2115809835-0
                                                                                                                • Opcode ID: fc691fa428fbf0c228385af9e61f0e509e62e1a4f33c765ab7554d57315ab343
                                                                                                                • Instruction ID: fef39bbc4d237babf0b32f72ddd5bcfba1ac8d3dcc78badc553af01bd8b3e9ba
                                                                                                                • Opcode Fuzzy Hash: fc691fa428fbf0c228385af9e61f0e509e62e1a4f33c765ab7554d57315ab343
                                                                                                                • Instruction Fuzzy Hash: 39416C32A18B4581EB18DF16EE9026DA364FB89FC4F044436DE5E47B69EF38E951C340
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: 0edddcd720a00623d1d42d6867c5cec2f7dea9098ec544ee85ddf9411d717aee
                                                                                                                • Instruction ID: c014e1aa8554d29a5662f9d17bc3a24488b63cf8372361ede83b7a2561b66fef
                                                                                                                • Opcode Fuzzy Hash: 0edddcd720a00623d1d42d6867c5cec2f7dea9098ec544ee85ddf9411d717aee
                                                                                                                • Instruction Fuzzy Hash: 3E417062A08BC945EA208B65E9403AEE351FB8A7E0F505735DAED03AE5DF7CE085C700
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: 65101c9deca7a25b1147728722689f3f5ba8933e7cce72319879418176dbcb29
                                                                                                                • Instruction ID: 8f48eb003616a2783adfe03bad8faeafe53e0ec3adab63fd64b1c740d72e5519
                                                                                                                • Opcode Fuzzy Hash: 65101c9deca7a25b1147728722689f3f5ba8933e7cce72319879418176dbcb29
                                                                                                                • Instruction Fuzzy Hash: AC418562A08BC541EA208B25E9413AEE350FB8A7E0F505335DAEC52AD9DF7CE484C700
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: 14a2119432510d03cb9c40f8e152fd372de9dd52c48d07550aac4fe4992287ef
                                                                                                                • Instruction ID: a8c116546d5ffd21af9a4711885efe776e3404ccace7965eea6fc8838f59a8d1
                                                                                                                • Opcode Fuzzy Hash: 14a2119432510d03cb9c40f8e152fd372de9dd52c48d07550aac4fe4992287ef
                                                                                                                • Instruction Fuzzy Hash: 0A415262A08BC541FA609B26E9453AEE351FB8A7E0F509331DAEC53AD5DF7CE485C700
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: LockShared$AcquireRelease
                                                                                                                • String ID:
                                                                                                                • API String ID: 2614130328-0
                                                                                                                • Opcode ID: 4041916c8a9de80b3a848d82d8c8b1136a187f585f171b7b2c9444fc03af898e
                                                                                                                • Instruction ID: 23e04948e6e1dcc9cc319475de83e383e0aeaed53b971ad521adcf19938a383a
                                                                                                                • Opcode Fuzzy Hash: 4041916c8a9de80b3a848d82d8c8b1136a187f585f171b7b2c9444fc03af898e
                                                                                                                • Instruction Fuzzy Hash: 04216F32618B4292DB04DF62DD100AEA3A4FB86BD4F440432EA8E03759DF3CF595C780
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: CurrentEventThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 2592414440-0
                                                                                                                • Opcode ID: 4b05e70850662d3672d1e4ff58b681fe7956ec6eb8431c754c2e462850123788
                                                                                                                • Instruction ID: 16d175f232eee1bcf2dace15d7f122b0b92512959862772781332897b4470468
                                                                                                                • Opcode Fuzzy Hash: 4b05e70850662d3672d1e4ff58b681fe7956ec6eb8431c754c2e462850123788
                                                                                                                • Instruction Fuzzy Hash: 2A118F3294875186EB118F67EE1427EE3A0FB46BD4F188030DE4D87255DE3CE8429654
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 73155330-0
                                                                                                                • Opcode ID: 489b3f75d26c866c93e03c5cae1d59adc0d89b6b2788742a0e5f4c72fc48442c
                                                                                                                • Instruction ID: e0e1fdee1dfa2d5f42c172db6bebc6d4483110205ab4dfe7a6506a415f6e3b93
                                                                                                                • Opcode Fuzzy Hash: 489b3f75d26c866c93e03c5cae1d59adc0d89b6b2788742a0e5f4c72fc48442c
                                                                                                                • Instruction Fuzzy Hash: 3BF04956F1A20386FD59A2629E466BD92804F5F7F0F940B30EA3D463E1EE1DB5D28240
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1173176844-0
                                                                                                                • Opcode ID: bfa3f73c53d3899c4e4b8057170e3eef8a873afb7a35c0b966aa32a07a688ece
                                                                                                                • Instruction ID: f0811cab61d3a70c01193d8bdb81f7b32662202c46218706a9afd58f8f97dc61
                                                                                                                • Opcode Fuzzy Hash: bfa3f73c53d3899c4e4b8057170e3eef8a873afb7a35c0b966aa32a07a688ece
                                                                                                                • Instruction Fuzzy Hash: 35E0B641E1A10717F95825A31F0507C80400F4B3F4F182B34EA7D482C7FD1CB4918151
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 067e0a2ede249a6ecf98f382bcefb1abdf032335135c8c2eb1af27ab21131d2e
                                                                                                                • Instruction ID: 0fea741a9b2498eba06ea1bba47b2d7ec24887852eba38343c0d6bbc12f6a473
                                                                                                                • Opcode Fuzzy Hash: 067e0a2ede249a6ecf98f382bcefb1abdf032335135c8c2eb1af27ab21131d2e
                                                                                                                • Instruction Fuzzy Hash: 0D510516A047D286FE249757CE4027DA2E0EF5ABD8F148533EE6C02199EF2CF9C39200
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668304517-0
                                                                                                                • Opcode ID: 92d68f8282a36739e09a2eb55d3f2eaf0d0153779aa3472df9bc49d80ba975cd
                                                                                                                • Instruction ID: 9e0e2f1177fbfe6f41826feeb2e6f7f35d0f0860e2d2800bf23c9f1df2dfbe0a
                                                                                                                • Opcode Fuzzy Hash: 92d68f8282a36739e09a2eb55d3f2eaf0d0153779aa3472df9bc49d80ba975cd
                                                                                                                • Instruction Fuzzy Hash: D731D852B18A8652FD509B2BDD442BDD361FB8ABD4F505232EA6D03BE9DE2CF5C18200
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: std::bad_alloc::bad_alloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1875163511-0
                                                                                                                • Opcode ID: 74e9ce78f4ab1bd9e249828d32a3bf293c6adbe2d1b9a21462d7864eb24ca539
                                                                                                                • Instruction ID: 46857ff9406d12a7a8fb3316a3c42f5e294e301adcc82af701b07e322e639ff6
                                                                                                                • Opcode Fuzzy Hash: 74e9ce78f4ab1bd9e249828d32a3bf293c6adbe2d1b9a21462d7864eb24ca539
                                                                                                                • Instruction Fuzzy Hash: D6416FB2504FA081D748CB01E888A9D73ECFB497C0F668639D7AC83725EFB68965C340
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: wcsftime
                                                                                                                • String ID:
                                                                                                                • API String ID: 2902305603-0
                                                                                                                • Opcode ID: 18733296c6fc2a13b6026d2f43dbf3078b6a882461142f725cb917f089e54d63
                                                                                                                • Instruction ID: 949468862f747867db70f1bc580a0a45f6affb30d6b8101efa4599f90a29ffa1
                                                                                                                • Opcode Fuzzy Hash: 18733296c6fc2a13b6026d2f43dbf3078b6a882461142f725cb917f089e54d63
                                                                                                                • Instruction Fuzzy Hash: 23115122918BC582E7108B25E9103AEB360FB99794F415335EB9D0369ADF3CE194CB40
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: Yarn
                                                                                                                • String ID:
                                                                                                                • API String ID: 1767336200-0
                                                                                                                • Opcode ID: 3bad47fc20e5b370e8354abd527ce64a3079c3ab38b1f670d16373436543a2ee
                                                                                                                • Instruction ID: 56aaac3c0d441f32ad98ce02b22fc1c6cdf6ac2796f7db76f0a6ee0a1572631d
                                                                                                                • Opcode Fuzzy Hash: 3bad47fc20e5b370e8354abd527ce64a3079c3ab38b1f670d16373436543a2ee
                                                                                                                • Instruction Fuzzy Hash: F5D0A92270A74082DA445B3FAA8105EA701AB47BC4798A030DB4D13747CE2CE0B18304
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterInit_thread_footerLeave
                                                                                                                • String ID:
                                                                                                                • API String ID: 3960375172-0
                                                                                                                • Opcode ID: e05873258c21d9d6726ab9171bad3dfa8df11c24947226a3b163f8f1d0d13104
                                                                                                                • Instruction ID: 3ba39c41cea7d2042b6be353b2eedaa83f1771130a2f481d3c32bc9764c54661
                                                                                                                • Opcode Fuzzy Hash: e05873258c21d9d6726ab9171bad3dfa8df11c24947226a3b163f8f1d0d13104
                                                                                                                • Instruction Fuzzy Hash: 2CC08C11E4A00252FA40A703DD4107C6200AF9B3C0F900031C91C412F2DE1CBAC2C300
                                                                                                                APIs
                                                                                                                • HeapAlloc.KERNEL32(?,?,?,00007FF8275C8E29,?,?,00000000,00007FF8275CD477,?,?,?,00007FF8275C0D47,?,?,?,00007FF8275C0C3D), ref: 00007FF8275C7A62
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 4292702814-0
                                                                                                                • Opcode ID: c655de3a03ebdb59e83dc757475d45e319a98e80281b330fbb181e0c2f35ef9c
                                                                                                                • Instruction ID: 794eed0e174b2e930c355ef10b684750ab1e8ed6ff2a7733630ce51b5f30f0d1
                                                                                                                • Opcode Fuzzy Hash: c655de3a03ebdb59e83dc757475d45e319a98e80281b330fbb181e0c2f35ef9c
                                                                                                                • Instruction Fuzzy Hash: 81F05812A5D20741FF646AA35F003BD91819F4BBE0F0C1A38DD2E867C5EE2CBA408214
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __tlregdtor
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$Unknown exception$monitor_readport {:#x}, {:#x}, {}, {:#x}$monitor_startdocport {:#x}, '{}', {}, {}, {:#x}$monitor_writeport {:#x}, {:#x}, {}, {:#x}$system
                                                                                                                • API String ID: 1373327856-2181671907
                                                                                                                • Opcode ID: 2a1fd2fa96034718b7ec5beb2b1bb4add0ecae22c91cdb46dbfd3557caa256d1
                                                                                                                • Instruction ID: eb52d75eedd06b7da7aa7e834292ef096b530962b30399396324859f5006ac66
                                                                                                                • Opcode Fuzzy Hash: 2a1fd2fa96034718b7ec5beb2b1bb4add0ecae22c91cdb46dbfd3557caa256d1
                                                                                                                • Instruction Fuzzy Hash: C4026462A18B8145EB10DB66ED443AEB3A1FB867D0F504235EA9D43BE6DF7CE485C700
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: , "$: "$Unknown exception
                                                                                                                • API String ID: 3668304517-2574047376
                                                                                                                • Opcode ID: 5e97bf10df9d1eb7cab841b6521a8eb297c07c90947b314296e111555341ed56
                                                                                                                • Instruction ID: dcb3b6721fd3e91a57dd157489097a5323c2f8069bd1487a060c9f0a1d34ab5e
                                                                                                                • Opcode Fuzzy Hash: 5e97bf10df9d1eb7cab841b6521a8eb297c07c90947b314296e111555341ed56
                                                                                                                • Instruction Fuzzy Hash: 26F18D62A18B8582FA14CB16EE4436DA361FB8ABC4F604632DA6D077E5DF7DF581C700
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF8275C19C8: GetLastError.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C19D7
                                                                                                                  • Part of subcall function 00007FF8275C19C8: FlsGetValue.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C19EC
                                                                                                                  • Part of subcall function 00007FF8275C19C8: SetLastError.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C1A77
                                                                                                                • TranslateName.LIBCMT ref: 00007FF8275CF32A
                                                                                                                • TranslateName.LIBCMT ref: 00007FF8275CF365
                                                                                                                • GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF8275C254C), ref: 00007FF8275CF3AC
                                                                                                                • IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF8275C254C), ref: 00007FF8275CF3E4
                                                                                                                • GetLocaleInfoW.KERNEL32 ref: 00007FF8275CF5A1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
                                                                                                                • String ID: utf8
                                                                                                                • API String ID: 3069159798-905460609
                                                                                                                • Opcode ID: 37f11421dc2132e4ffe25310b4cf11757d77ae7a0c59ff0f24b4533fed8a8ebb
                                                                                                                • Instruction ID: f39303ac389c80841be87aa55d077aa8eaffb140fca373c386513a281dcced25
                                                                                                                • Opcode Fuzzy Hash: 37f11421dc2132e4ffe25310b4cf11757d77ae7a0c59ff0f24b4533fed8a8ebb
                                                                                                                • Instruction Fuzzy Hash: 2B916A36A0874692EB649F22EE417BDA2A4AB47BC0F444139DE4C477C6DF3CF9518340
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF8275C19C8: GetLastError.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C19D7
                                                                                                                  • Part of subcall function 00007FF8275C19C8: FlsGetValue.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C19EC
                                                                                                                  • Part of subcall function 00007FF8275C19C8: SetLastError.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C1A77
                                                                                                                  • Part of subcall function 00007FF8275C19C8: FlsSetValue.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C1A0D
                                                                                                                  • Part of subcall function 00007FF8275C19C8: FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF), ref: 00007FF8275C1AAD
                                                                                                                • GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 00007FF8275CFE78
                                                                                                                  • Part of subcall function 00007FF8275C19C8: FlsSetValue.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C1A3A
                                                                                                                  • Part of subcall function 00007FF8275C19C8: FlsSetValue.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C1A4B
                                                                                                                  • Part of subcall function 00007FF8275C19C8: FlsSetValue.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C1A5C
                                                                                                                  • Part of subcall function 00007FF8275C19C8: FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF), ref: 00007FF8275C1ACC
                                                                                                                  • Part of subcall function 00007FF8275C19C8: FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF), ref: 00007FF8275C1AF4
                                                                                                                • EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,00007FF8275C2545), ref: 00007FF8275CFE5F
                                                                                                                • ProcessCodePage.LIBCMT ref: 00007FF8275CFEA2
                                                                                                                • IsValidCodePage.KERNEL32 ref: 00007FF8275CFEB4
                                                                                                                • IsValidLocale.KERNEL32 ref: 00007FF8275CFECA
                                                                                                                • GetLocaleInfoW.KERNEL32 ref: 00007FF8275CFF26
                                                                                                                • GetLocaleInfoW.KERNEL32 ref: 00007FF8275CFF42
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 2591520935-0
                                                                                                                • Opcode ID: 1931e90432234414db037ea1513d768840d9b4d37efe28106a2ebd7ae506fed7
                                                                                                                • Instruction ID: 0516929779ad3d80f1b126977d0361baf7dc7572138752606f3fef8893c64fa3
                                                                                                                • Opcode Fuzzy Hash: 1931e90432234414db037ea1513d768840d9b4d37efe28106a2ebd7ae506fed7
                                                                                                                • Instruction Fuzzy Hash: 76715B63B086428AEB609B62EE507BDA3A4BF4B788F444439DE0D576D5EF3CB845C350
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 1239891234-0
                                                                                                                • Opcode ID: ca6b45c33ff49a47647ea71850c73a1221297c154a1e89d9f3aed8cbb7f5b5df
                                                                                                                • Instruction ID: c4d9617a067584938a3a5b5fb39baba30d9646e69e2a661a1743929e4a8c6a1d
                                                                                                                • Opcode Fuzzy Hash: ca6b45c33ff49a47647ea71850c73a1221297c154a1e89d9f3aed8cbb7f5b5df
                                                                                                                • Instruction Fuzzy Hash: 02318636A18B8186DB60CF26ED442AEB3A4FF86798F540136EA9D43B95DF3CD545CB00
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocProcessstd::bad_alloc::bad_alloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 3165967205-0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: InfoLocale
                                                                                                                • String ID: GetLocaleInfoEx
                                                                                                                • API String ID: 2299586839-2904428671
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF8275C19C8: GetLastError.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C19D7
                                                                                                                  • Part of subcall function 00007FF8275C19C8: FlsGetValue.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C19EC
                                                                                                                  • Part of subcall function 00007FF8275C19C8: SetLastError.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C1A77
                                                                                                                • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF8275CFE0B,?,00000000,00000092,?,?,00000000,?,00007FF8275C2545), ref: 00007FF8275CF6BA
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3029459697-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF8275C19C8: GetLastError.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C19D7
                                                                                                                  • Part of subcall function 00007FF8275C19C8: FlsGetValue.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C19EC
                                                                                                                  • Part of subcall function 00007FF8275C19C8: SetLastError.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C1A77
                                                                                                                • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF8275CFDC7,?,00000000,00000092,?,?,00000000,?,00007FF8275C2545), ref: 00007FF8275CF76A
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3029459697-0
                                                                                                                APIs
                                                                                                                • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF8275C3AE3,?,?,?,?,?,?,?,?,00000000,00007FF8275CEC6C), ref: 00007FF8275C36E3
                                                                                                                Similarity
                                                                                                                • API ID: EnumLocalesSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 2099609381-0
                                                                                                                Similarity
                                                                                                                • API ID: ControlDevice
                                                                                                                • String ID:
                                                                                                                • API String ID: 2352790924-0
                                                                                                                Similarity
                                                                                                                • API ID: InfoLocale
                                                                                                                • String ID:
                                                                                                                • API String ID: 2299586839-0
                                                                                                                Similarity
                                                                                                                • API ID: Name::operator+
                                                                                                                • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                                                                                                • API String ID: 2943138195-1482988683
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CloseHandleMtx_unlock$BuffersDeleteFileFlushOpenPrinter
                                                                                                                • String ID: ,$C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp$OpenPrinterW ('{}', {:#x} -> {:#x}, NULL) -> {}$couldn't rename file$file not found$finalizing PCL '{}'$port object {:#x} is not present in the list${}\temp_{}${}\{}
                                                                                                                • API String ID: 2285465158-3467645581
                                                                                                                Similarity
                                                                                                                • API ID: Mtx_unlock_invalid_parameter_noinfo_noreturn$CloseFileHandleOpenPrinterWrite
                                                                                                                • String ID: ,$C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp$OpenPrinterW ('{}', {:#x} -> {:#x}, NULL) -> {}$monitor_readport {:#x}, {:#x}, {}, {:#x}$no file handle to write$port object {:#x} is not present in the list
                                                                                                                • API String ID: 2124777539-1360970229
                                                                                                                Similarity
                                                                                                                • API ID: Name::operator+$Replicator::operator[]
                                                                                                                • String ID: `anonymous namespace'
                                                                                                                • API String ID: 3863519203-3062148218
                                                                                                                Similarity
                                                                                                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_addport '{}', {:#x}, '{}'$system
                                                                                                                • API String ID: 73155330-3963725590
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CloseOpenValue
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't open registry key 'HKLM\{}'$couldn't set 'name' value for key$name$set 'name' value to '{}'
                                                                                                                • API String ID: 31251203-231907547
                                                                                                                Similarity
                                                                                                                • API ID: Event$CloseHandle$Create$CurrentObjectOpenProcessResetSingleWait
                                                                                                                • String ID: e-flag
                                                                                                                • API String ID: 354184465-538632313
                                                                                                                Similarity
                                                                                                                • API ID: Name::operator+
                                                                                                                • String ID:
                                                                                                                • API String ID: 2943138195-0
                                                                                                                Similarity
                                                                                                                • API ID: NameName::$Name::operator+
                                                                                                                • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                                                                                                • API String ID: 826178784-2441609178
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF827540460: GetTempPathW.KERNEL32 ref: 00007FF8275404AA
                                                                                                                  • Part of subcall function 00007FF827540460: GetLastError.KERNEL32 ref: 00007FF8275404B4
                                                                                                                  • Part of subcall function 00007FF827540460: WideCharToMultiByte.KERNEL32 ref: 00007FF827540533
                                                                                                                  • Part of subcall function 00007FF827540460: WideCharToMultiByte.KERNEL32 ref: 00007FF82754056C
                                                                                                                  • Part of subcall function 00007FF8275402F0: WideCharToMultiByte.KERNEL32 ref: 00007FF8275403C0
                                                                                                                  • Part of subcall function 00007FF8275402F0: WideCharToMultiByte.KERNEL32 ref: 00007FF8275403F9
                                                                                                                  • Part of subcall function 00007FF8275402F0: CoTaskMemFree.OLE32 ref: 00007FF827540407
                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF82753B064
                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF82753B06A
                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF82753B070
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$_invalid_parameter_noinfo_noreturn$ErrorFreeLastPathTaskTemp
                                                                                                                • String ID: $C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinter.cpp$couldn't create ProgramData dir '{}'$couldn't create Wildix dir '{}'$couldn't create printing dir '{}'$error${}\FaxPrinter${}\Wildix
                                                                                                                • API String ID: 4053574115-744896386
                                                                                                                • Opcode ID: 507589a20b7b51a6781f7fffe40dd1ac840723e42d6957fc781b9ddcfd6bee6c
                                                                                                                • Instruction ID: f3d8078dd306c3678580ecbc9dbe0fd073ee58df1701d64ba31676228665d4d4
                                                                                                                • Opcode Fuzzy Hash: 507589a20b7b51a6781f7fffe40dd1ac840723e42d6957fc781b9ddcfd6bee6c
                                                                                                                • Instruction Fuzzy Hash: 63C16472918BC582EA108B25ED413AEF361FB967D4F505235EADD02AE9EF7CE184C740
                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C19D7
                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C19EC
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C1A0D
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C1A3A
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C1A4B
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C1A5C
                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF,?,?,00000000,00007FF8275C903B), ref: 00007FF8275C1A77
                                                                                                                • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF), ref: 00007FF8275C1AAD
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF), ref: 00007FF8275C1ACC
                                                                                                                  • Part of subcall function 00007FF8275C35E4: HeapAlloc.KERNEL32(?,?,00000000,00007FF8275C1BA2,?,?,00008EFEC2DE9C49,00007FF8275B5325,?,?,?,?,00007FF8275C8E42,?,?,00000000), ref: 00007FF8275C3639
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF), ref: 00007FF8275C1AF4
                                                                                                                  • Part of subcall function 00007FF8275C35A8: HeapFree.KERNEL32(?,?,00007FF8275C0D47,00007FF8275CE3BE,?,?,?,00007FF8275CE73B,?,?,00000000,00007FF8275CD86D,?,?,?,00007FF8275CD79F), ref: 00007FF8275C35BE
                                                                                                                  • Part of subcall function 00007FF8275C35A8: GetLastError.KERNEL32(?,?,00007FF8275C0D47,00007FF8275CE3BE,?,?,?,00007FF8275CE73B,?,?,00000000,00007FF8275CD86D,?,?,?,00007FF8275CD79F), ref: 00007FF8275C35C8
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF), ref: 00007FF8275C1B05
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF8275CD95B,?,?,?,00007FF8275C7AE4,?,?,?,00007FF8275B3BFF), ref: 00007FF8275C1B16
                                                                                                                Similarity
                                                                                                                • API ID: Value$ErrorLast$Heap$AllocFree
                                                                                                                • String ID:
                                                                                                                • API String ID: 570795689-0
                                                                                                                • Opcode ID: adc9f3aa6ea71c7459860f522830e6186bb0d40b62aa8c25c5b73c7b0acd8c10
                                                                                                                • Instruction ID: 6fc6637558bba4f4a30a5e6cb078c951a25e0868c16ba8bcd043aae40eaf3cae
                                                                                                                • Opcode Fuzzy Hash: adc9f3aa6ea71c7459860f522830e6186bb0d40b62aa8c25c5b73c7b0acd8c10
                                                                                                                • Instruction Fuzzy Hash: F8418BA0A0820642FA18A7335F5127DA6826F573F4F485B3CED3E0A6C6EE2CF8418601
                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF82753A8B4
                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF82753A8BA
                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF82753A8FE
                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF82753A904
                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF82753A90A
                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF82753A910
                                                                                                                  • Part of subcall function 00007FF8275406C0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FF82753B457), ref: 00007FF82754071F
                                                                                                                  • Part of subcall function 00007FF8275406C0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FF82753B457), ref: 00007FF8275407BB
                                                                                                                  • Part of subcall function 00007FF8275406C0: MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FF82753B457), ref: 00007FF8275407E8
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ByteCharMultiWide
                                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$port level {} is invalid
                                                                                                                • API String ID: 469901203-1756580397
                                                                                                                • Opcode ID: 53d684fb8f09aa97a3efd42303bdad9ca89525d702a7f1c3629099fd72a3924d
                                                                                                                • Instruction ID: 78abc87cd88d50ffcd1fa636fa01e293d1e76ddc57dd903e9c8bb04af540ea23
                                                                                                                • Opcode Fuzzy Hash: 53d684fb8f09aa97a3efd42303bdad9ca89525d702a7f1c3629099fd72a3924d
                                                                                                                • Instruction Fuzzy Hash: 70C1B072B14A4686FB00CF6ADE843ACA362EB467D8F505635EA5C136E9DF38F581C344
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Replicator::operator[]
                                                                                                                • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                                                                • API String ID: 3676697650-3207858774
                                                                                                                • Opcode ID: eb5dfb772da872b64948b165cb24fca11ce0200a5d144be3d9230e14ebc015cb
                                                                                                                • Instruction ID: 73d9b186ab83bb0421231f7fd3dc1675d72bbb9bb49ccecefb37d8aa71f80c98
                                                                                                                • Opcode Fuzzy Hash: eb5dfb772da872b64948b165cb24fca11ce0200a5d144be3d9230e14ebc015cb
                                                                                                                • Instruction Fuzzy Hash: E6818B26A08A8789FB109F26DD512BCB7A1BB567C8F848532DA8D03695EF3CF905C740
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Name::operator+
                                                                                                                • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                                                                • API String ID: 2943138195-1464470183
                                                                                                                • Opcode ID: bff51682b923a1e294718221f69f26260e8471e5ac19c70d511da750f82a0ba4
                                                                                                                • Instruction ID: 70393ba45f9e26c6dce550855eb070d671230034b0c18b08eda819bbc2bf0e77
                                                                                                                • Opcode Fuzzy Hash: bff51682b923a1e294718221f69f26260e8471e5ac19c70d511da750f82a0ba4
                                                                                                                • Instruction Fuzzy Hash: F4514D32E18B1689FB10CB66EE951BCB7B0BB06384F904039EA0D57A99DF39F505C704
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: Name::operator+
                                                                                                                • String ID:
                                                                                                                • API String ID: 2943138195-0
                                                                                                                • Opcode ID: 30f001fca32f8e22a9feccce9067a947ce43097018333a86e4c8c6b46ee35f3e
                                                                                                                • Instruction ID: 08e832135e8769fda95dba72dd022aaebb8fcbc8bd8e5f950af587a28757ba39
                                                                                                                • Opcode Fuzzy Hash: 30f001fca32f8e22a9feccce9067a947ce43097018333a86e4c8c6b46ee35f3e
                                                                                                                • Instruction Fuzzy Hash: 1C618962F04B6698FB01DBA2DD911EC67B1BB05788F444436DE0D2BA89EF78F505C380
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\exception\include\boost/exception/detail/exception_ptr.hpp, xrefs: 00007FF82759F223
                                                                                                                • bad exception, xrefs: 00007FF82759F0BB
                                                                                                                • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void), xrefs: 00007FF82759F218
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy__std_exception_destroy$Init_thread_footer
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\exception\include\boost/exception/detail/exception_ptr.hpp$bad exception$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)
                                                                                                                • API String ID: 3914267585-2007977368
                                                                                                                • Opcode ID: 55002d9398126cb6ed95cb8007613be2f66656adfac7f70bfaa8c9a0bb41aaa9
                                                                                                                • Instruction ID: ccac87b59de7595d590775a161fec8723e288a83dcbadaedf3f3ea386b477f77
                                                                                                                • Opcode Fuzzy Hash: 55002d9398126cb6ed95cb8007613be2f66656adfac7f70bfaa8c9a0bb41aaa9
                                                                                                                • Instruction Fuzzy Hash: 0EF11732B05B45CAEB00CF66ED902AC73B5FB8AB88B444136DA4D53B64EF38E555C780
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\exception\include\boost/exception/detail/exception_ptr.hpp, xrefs: 00007FF82759ED33
                                                                                                                • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void), xrefs: 00007FF82759ED28
                                                                                                                • bad allocation, xrefs: 00007FF82759EBCB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy__std_exception_destroy$Init_thread_footer
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\exception\include\boost/exception/detail/exception_ptr.hpp$bad allocation$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void)
                                                                                                                • API String ID: 3914267585-177984870
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Name::operator+
                                                                                                                • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                                                                • API String ID: 2943138195-2239912363
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FF82756BAFF
                                                                                                                • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FF82756BB40
                                                                                                                • :AM:am:PM:pm, xrefs: 00007FF82756BB5E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Maklocstr$Yarn
                                                                                                                • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                • API String ID: 3000050306-35662545
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • :AM:am:PM:pm, xrefs: 00007FF82756BC42
                                                                                                                • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FF82756BC32
                                                                                                                • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FF82756BBF6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Maklocwcsstd::_$Yarn
                                                                                                                • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                • API String ID: 1194159078-3743323925
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                • API String ID: 667068680-1247241052
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: !%x$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                • API String ID: 0-83798936
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                • String ID: boost::thread_resource_error
                                                                                                                • API String ID: 1944019136-52533987
                                                                                                                APIs
                                                                                                                • FreeLibrary.KERNEL32(?,?,00000000,00007FF8275C4078,?,?,?,?,00007FF8275BCFEE), ref: 00007FF8275C388C
                                                                                                                • GetProcAddress.KERNEL32(?,?,00000000,00007FF8275C4078,?,?,?,?,00007FF8275BCFEE), ref: 00007FF8275C3898
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                • API String ID: 3013587201-537541572
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: Genu$GetEnabledExtendedFeatures$ineI$kernel32.dll$ntel
                                                                                                                • API String ID: 1646373207-3700478490
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                • String ID: f$p$p
                                                                                                                • API String ID: 3215553584-1995029353
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: <>:"/\|?*$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                • API String ID: 0-185695948
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                • String ID:
                                                                                                                • API String ID: 3215553584-0
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                • String ID: Wildix
                                                                                                                • API String ID: 1944019136-3768880759
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                • String ID: bad locale name$false$true
                                                                                                                • API String ID: 2775327233-1062449267
                                                                                                                Similarity
                                                                                                                • API ID: Name::operator+
                                                                                                                • String ID: {for
                                                                                                                • API String ID: 2943138195-864106941
                                                                                                                Similarity
                                                                                                                • API ID: CurrentThread$xtime_get
                                                                                                                • String ID:
                                                                                                                • API String ID: 1104475336-0
                                                                                                                Strings
                                                                                                                • couldn't get temp folder path, error {}, xrefs: 00007FF8275404BE
                                                                                                                • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp, xrefs: 00007FF8275404D0
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$ErrorLastPathTemp
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp$couldn't get temp folder path, error {}
                                                                                                                • API String ID: 1406663960-3281116547
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Name::operator+Replicator::operator[]
                                                                                                                • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                • API String ID: 1405650943-2211150622
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Name::operator+
                                                                                                                • String ID: char $int $long $short $unsigned
                                                                                                                • API String ID: 2943138195-3894466517
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                • String ID: CONOUT$
                                                                                                                • API String ID: 3230265001-3130406586
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiStringWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 2829165498-0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                • String ID:
                                                                                                                • API String ID: 2081738530-0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                • String ID:
                                                                                                                • API String ID: 2081738530-0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                • String ID:
                                                                                                                • API String ID: 2081738530-0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                • String ID:
                                                                                                                • API String ID: 2081738530-0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                • String ID:
                                                                                                                • API String ID: 2081738530-0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                • String ID:
                                                                                                                • API String ID: 2081738530-0
                                                                                                                • Opcode ID: 995f500fbda2b5f68d28f869e49803c568d9986f98628a232573a81d160ea50f
                                                                                                                • Instruction ID: 15df4e8d26db81b348373e2a7e367b0bdace8b354c30601e0231d8bf719ec4b0
                                                                                                                • Opcode Fuzzy Hash: 995f500fbda2b5f68d28f869e49803c568d9986f98628a232573a81d160ea50f
                                                                                                                • Instruction Fuzzy Hash: 7B316F26A0AA4681EE159F17EE4017CA361FB86BE4F081532DE1D477A5EF7CF442C310
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                • String ID:
                                                                                                                • API String ID: 2081738530-0
                                                                                                                • Opcode ID: d168b0c564ae3b0b7defde41f20c13f637acf92b72770ba4a0f340d6475716fc
                                                                                                                • Instruction ID: a2e4875d7d5a594ae0c4965e17cffbe8623b9fe0bb2f29fab7e323bef0c176fb
                                                                                                                • Opcode Fuzzy Hash: d168b0c564ae3b0b7defde41f20c13f637acf92b72770ba4a0f340d6475716fc
                                                                                                                • Instruction Fuzzy Hash: 2F314B25A09B4681EE15AB27DE4417DA361FF86BE0F084932DA1D476A5EF7CF442C300
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                • String ID:
                                                                                                                • API String ID: 2081738530-0
                                                                                                                • Opcode ID: 6471d6358bc531fde0265326d95e5cef117dda8d71bea42205f4e1cdda7bc2c8
                                                                                                                • Instruction ID: ccf850c118f6a094a6f3ded8115418e99a21c88f5e4f89fb0f26c428225ccd83
                                                                                                                • Opcode Fuzzy Hash: 6471d6358bc531fde0265326d95e5cef117dda8d71bea42205f4e1cdda7bc2c8
                                                                                                                • Instruction Fuzzy Hash: 52316E21A0AA4691EA159B27DE6417DE361FB46BE4F084632EA1D476A5EE3CF446C300
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                • String ID:
                                                                                                                • API String ID: 2081738530-0
                                                                                                                • Opcode ID: 654c0435d3bee07db1be9951321d2032019a2036af20dc357810309cbd781477
                                                                                                                • Instruction ID: 179786694336cb27a353bfcefaf3a1efc13e16ec4924bc27c62a324f68d1c414
                                                                                                                • Opcode Fuzzy Hash: 654c0435d3bee07db1be9951321d2032019a2036af20dc357810309cbd781477
                                                                                                                • Instruction Fuzzy Hash: 35316E25A0AA4681EA169B17EE4417DA371FB46BE0F084536DE1D477A5EE3CF846C300
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                • String ID:
                                                                                                                • API String ID: 2081738530-0
                                                                                                                • Opcode ID: 4692008b77493a3f3df3f97549e5d4823edb8953384e48035edd1f59424a259b
                                                                                                                • Instruction ID: 5cfa6b997290b5937895c5dbe04485be43fb4ad737344a981194a2da5fadf3ba
                                                                                                                • Opcode Fuzzy Hash: 4692008b77493a3f3df3f97549e5d4823edb8953384e48035edd1f59424a259b
                                                                                                                • Instruction Fuzzy Hash: 00313A22A09B4A91FE159B17EE541BCA361FB86BE4F084932DE1D477A5EF7CF4428300
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                • String ID:
                                                                                                                • API String ID: 2081738530-0
                                                                                                                • Opcode ID: 4f2cf551b9fd2594c79b60f9315d421c1dc237ee4965ae22750b0656993315f0
                                                                                                                • Instruction ID: 7fddc045608ec3303fb69d4b28dbb5d1ed0177db64b36ca2a69981bb2552984e
                                                                                                                • Opcode Fuzzy Hash: 4f2cf551b9fd2594c79b60f9315d421c1dc237ee4965ae22750b0656993315f0
                                                                                                                • Instruction Fuzzy Hash: 47318C22A0AA8691EE559B17EE441BDA761FF86BE4F080532DB1D477A5EE3CF4428300
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                • String ID:
                                                                                                                • API String ID: 2081738530-0
                                                                                                                • Opcode ID: 7e34a4ad6793e980c4c1d38509cc4b7ede8b364bac0207eac10645b55be99158
                                                                                                                • Instruction ID: 55bd0a2012bba37ccd667edb4b790f9695bc5269106a266420eeac43fbe59aaf
                                                                                                                • Opcode Fuzzy Hash: 7e34a4ad6793e980c4c1d38509cc4b7ede8b364bac0207eac10645b55be99158
                                                                                                                • Instruction Fuzzy Hash: 5D318E21A0AA4695FA159B27EE5017DA361FF46BE0F085532DA2D077A5EE3CF4468300
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                • String ID:
                                                                                                                • API String ID: 2081738530-0
                                                                                                                • Opcode ID: 6f90c35ae754c09f75baf6ca9098e57ac69d9b1e56f02558d062d963841677c7
                                                                                                                • Instruction ID: 778437685b48df0b7cc745142e5e1c54f692634e33e2102bc087f8636f1558fd
                                                                                                                • Opcode Fuzzy Hash: 6f90c35ae754c09f75baf6ca9098e57ac69d9b1e56f02558d062d963841677c7
                                                                                                                • Instruction Fuzzy Hash: B9315E21A08B4691EE159F27EE5417DA3A1FB46BE0F480932DA1D477A9DF7CF8428700
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                • String ID:
                                                                                                                • API String ID: 2081738530-0
                                                                                                                • Opcode ID: 6909bea418b17bd6452d4f8fc7a95cdb142d03e1b810b41bc8f729bcc39c7c01
                                                                                                                • Instruction ID: b116af72513d76c2d76a44bfc894b9b1339284583c3f0df87bb1ec6d06691518
                                                                                                                • Opcode Fuzzy Hash: 6909bea418b17bd6452d4f8fc7a95cdb142d03e1b810b41bc8f729bcc39c7c01
                                                                                                                • Instruction Fuzzy Hash: 18317022A09A4781EE159B67EE4417DA361FF86BE4F484532DE1D477A5EE3CF846C300
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                • String ID:
                                                                                                                • API String ID: 2081738530-0
                                                                                                                • Opcode ID: 5a651d2cdcaf9adfc5acdc18ab424cc060d34d7129f23e77095cf90a0b1c9df5
                                                                                                                • Instruction ID: 348fe365751211b59cd5505709e1cdc2c5500ebd81e514a0eac3fd9c321cfb27
                                                                                                                • Opcode Fuzzy Hash: 5a651d2cdcaf9adfc5acdc18ab424cc060d34d7129f23e77095cf90a0b1c9df5
                                                                                                                • Instruction Fuzzy Hash: 99318022A09A4685EF15DB17EE441BDA361FF46BE0F484A32DA1D077A5EE7CF446C700
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                • String ID:
                                                                                                                • API String ID: 2081738530-0
                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32(?,?,00008EFEC2DE9C49,00007FF8275B5325,?,?,?,?,00007FF8275C8E42,?,?,00000000,00007FF8275CD477,?,?,?), ref: 00007FF8275C1B4F
                                                                                                                • FlsSetValue.KERNEL32(?,?,00008EFEC2DE9C49,00007FF8275B5325,?,?,?,?,00007FF8275C8E42,?,?,00000000,00007FF8275CD477,?,?,?), ref: 00007FF8275C1B85
                                                                                                                • FlsSetValue.KERNEL32(?,?,00008EFEC2DE9C49,00007FF8275B5325,?,?,?,?,00007FF8275C8E42,?,?,00000000,00007FF8275CD477,?,?,?), ref: 00007FF8275C1BB2
                                                                                                                • FlsSetValue.KERNEL32(?,?,00008EFEC2DE9C49,00007FF8275B5325,?,?,?,?,00007FF8275C8E42,?,?,00000000,00007FF8275CD477,?,?,?), ref: 00007FF8275C1BC3
                                                                                                                • FlsSetValue.KERNEL32(?,?,00008EFEC2DE9C49,00007FF8275B5325,?,?,?,?,00007FF8275C8E42,?,?,00000000,00007FF8275CD477,?,?,?), ref: 00007FF8275C1BD4
                                                                                                                • SetLastError.KERNEL32(?,?,00008EFEC2DE9C49,00007FF8275B5325,?,?,?,?,00007FF8275C8E42,?,?,00000000,00007FF8275CD477,?,?,?), ref: 00007FF8275C1BEF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value$ErrorLast
                                                                                                                • String ID:
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Init_thread_footer
                                                                                                                • String ID: <>:"/\|?*
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: at $std:$system
                                                                                                                Similarity
                                                                                                                • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                                                • String ID: ,$false$true
                                                                                                                Similarity
                                                                                                                • API ID: Name::operator+
                                                                                                                • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                • String ID: bad locale name
                                                                                                                Similarity
                                                                                                                • API ID: Concurrency::cancel_current_taskLockitstd::_$Lockit::_Lockit::~_
                                                                                                                • String ID: bad locale name
                                                                                                                Similarity
                                                                                                                • API ID: Maklocstr$Getvals
                                                                                                                • String ID: false$true
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy$_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: "$/
                                                                                                                • API String ID: 946306463-2662438755
                                                                                                                • Opcode ID: 8401f99cb403b554531fdb0a5d5a56548121620bd2584bed73a86b97d50b5cdb
                                                                                                                • Instruction ID: 1732554391f2336c17d34c387661aa43133143265bec77d00beca33c9c71de54
                                                                                                                • Opcode Fuzzy Hash: 8401f99cb403b554531fdb0a5d5a56548121620bd2584bed73a86b97d50b5cdb
                                                                                                                • Instruction Fuzzy Hash: 72418032A18B8585EB118F25ED503ADB3B0FB9A798F505231EA9C067A5EF3CE1D4C740
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy$_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: ($/
                                                                                                                • API String ID: 946306463-2468745909
                                                                                                                • Opcode ID: 9698a177953f4d0ce814d9f78d9efc867d3cc53eed861d8d9f2fdc5ff8d17078
                                                                                                                • Instruction ID: 0d7d441f447f844dc87d3ce2354afb86112a389f5a1f1cba42d944144b8de16c
                                                                                                                • Opcode Fuzzy Hash: 9698a177953f4d0ce814d9f78d9efc867d3cc53eed861d8d9f2fdc5ff8d17078
                                                                                                                • Instruction Fuzzy Hash: D0415072A18B8585EB11CF25ED503ADB3A0FB9A798F509231EA9D06795EF3CE1D4C700
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp, xrefs: 00007FF827540368
                                                                                                                • couldn't get special folder, error {}, xrefs: 00007FF82754035C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$FreeTask
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp$couldn't get special folder, error {}
                                                                                                                • API String ID: 1807027773-2224659992
                                                                                                                • Opcode ID: b84c0743efdce78aa4bab5032517c3909bd40c09f92be3c87a9e3270ba148090
                                                                                                                • Instruction ID: d8eb25a10d2e0106021523b6a973e1d030bf230dddaca2b581ac66d8326f2e28
                                                                                                                • Opcode Fuzzy Hash: b84c0743efdce78aa4bab5032517c3909bd40c09f92be3c87a9e3270ba148090
                                                                                                                • Instruction Fuzzy Hash: 0C417E32A08B8582E7218F16EE5026EB7A1FB867D4F544235EB9D03B99DF3CE5458700
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: NameName::
                                                                                                                • String ID: `template-parameter$void
                                                                                                                • API String ID: 1333004437-4057429177
                                                                                                                • Opcode ID: 88f1c2d15a0bc3adf9c6da8158cc998536c8b7ff011d6048e52b1d8740332abf
                                                                                                                • Instruction ID: 3fe04dfd8eb5f715fe65835161434cf7fc87645690b45c77ccc3cb8fa39aa005
                                                                                                                • Opcode Fuzzy Hash: 88f1c2d15a0bc3adf9c6da8158cc998536c8b7ff011d6048e52b1d8740332abf
                                                                                                                • Instruction Fuzzy Hash: 7D416522F08B5689FB009BA2DD552FDA3B1BB4A7C8F944136CE0C26B59EF78A5458340
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: &$..9999$/
                                                                                                                • API String ID: 1109970293-2119091122
                                                                                                                • Opcode ID: bad96269d5de9d689d7aab0c74dd9c1f69abd81ef4288e4d0c058360d48cd253
                                                                                                                • Instruction ID: 9ea6e583d91ca916d298eb2ab172a4303c28e0e494700f346ac45f6acc531dd5
                                                                                                                • Opcode Fuzzy Hash: bad96269d5de9d689d7aab0c74dd9c1f69abd81ef4288e4d0c058360d48cd253
                                                                                                                • Instruction Fuzzy Hash: A7318D32918B8586EB11CB25ED5036EB3B0FB9A798F505235EA9C067A5EF7CE1D0C700
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _set_statfp
                                                                                                                • String ID:
                                                                                                                • API String ID: 1156100317-0
                                                                                                                • Opcode ID: e2a52eeffa03d19c3473cc8f4d897b2ea57e3a717b0bc8f4356aac3dbbf2edbd
                                                                                                                • Instruction ID: ab4b47e55a65705ab60526603afe86880e19f3b769328a437162b89a91daff5f
                                                                                                                • Opcode Fuzzy Hash: e2a52eeffa03d19c3473cc8f4d897b2ea57e3a717b0bc8f4356aac3dbbf2edbd
                                                                                                                • Instruction Fuzzy Hash: 0F81C162908A8686F6228E37AF4137EF6A0BF577D4F145239EE4E265D4DF3CF4818600
                                                                                                                APIs
                                                                                                                • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF827551AD5), ref: 00007FF827551257
                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF827551AD5), ref: 00007FF827551299
                                                                                                                • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF8275513F1
                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF82755141D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharFormatFreeLocalMessageMultiWide_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 981250203-0
                                                                                                                • Opcode ID: a4c55069807a390da005bd219704418b097c0374aeaa76d1932dde3f0647e92d
                                                                                                                • Instruction ID: d1d29f7ffaf8a0fc9647191f5b29b53ba3da07491d5af1468c5665f2544afb45
                                                                                                                • Opcode Fuzzy Hash: a4c55069807a390da005bd219704418b097c0374aeaa76d1932dde3f0647e92d
                                                                                                                • Instruction Fuzzy Hash: 3851E122B18B8186FB10CB66DD507BEAAA5BB4A7D8F045634DE4D12E95DF3CE0818700
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 143101810-0
                                                                                                                • Opcode ID: f62dec8673e8e2f51e0ae0e41e2572f67e5205480b3ee1f1906912fe18a45a5d
                                                                                                                • Instruction ID: 21dde66a78b99f93a452aecab0e7e2cf3ef443e1e92ad2cc9c1a692c1e095614
                                                                                                                • Opcode Fuzzy Hash: f62dec8673e8e2f51e0ae0e41e2572f67e5205480b3ee1f1906912fe18a45a5d
                                                                                                                • Instruction Fuzzy Hash: 2351B722A1874141E6249F23BE1426EE6A5FF867E4F284735EEAD037D5DF7CF5809204
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: NameName::$Name::operator+
                                                                                                                • String ID:
                                                                                                                • API String ID: 826178784-0
                                                                                                                • Opcode ID: 9cc5fa096e5a0a8fddfadafd10dc89e0a5e8996c5e5224a87b09b245d29a3d37
                                                                                                                • Instruction ID: d3dfced8aa2efeeba4d9168a0b5bf11008ae43cf975a31ad48356a4e48bbbeb6
                                                                                                                • Opcode Fuzzy Hash: 9cc5fa096e5a0a8fddfadafd10dc89e0a5e8996c5e5224a87b09b245d29a3d37
                                                                                                                • Instruction Fuzzy Hash: 21418C22A08B5685EB10DB62DE610BCB7B4BF56BC0B948432EE5D13395EF3AF455C304
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _set_statfp
                                                                                                                • String ID:
                                                                                                                • API String ID: 1156100317-0
                                                                                                                • Opcode ID: 6e4f390f8d976f999aef89e1ebd30f2423b3d155eab78d2d27cfc50b49dd385e
                                                                                                                • Instruction ID: 8c47d69607823313eb8236643c4352b0a9bfcb6f8c87f10ecc10cd90a9a0e63a
                                                                                                                • Opcode Fuzzy Hash: 6e4f390f8d976f999aef89e1ebd30f2423b3d155eab78d2d27cfc50b49dd385e
                                                                                                                • Instruction Fuzzy Hash: E411B232E0CA0746F6A4112BEF5137D8549AF5E3F0F1A0638E96E062DACF2CB8418140
                                                                                                                APIs
                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF8275AF1A3,?,?,00000000,00007FF8275AF43E,?,?,?,?,?,00007FF8275AF3CA), ref: 00007FF8275C1C27
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF8275AF1A3,?,?,00000000,00007FF8275AF43E,?,?,?,?,?,00007FF8275AF3CA), ref: 00007FF8275C1C46
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF8275AF1A3,?,?,00000000,00007FF8275AF43E,?,?,?,?,?,00007FF8275AF3CA), ref: 00007FF8275C1C6E
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF8275AF1A3,?,?,00000000,00007FF8275AF43E,?,?,?,?,?,00007FF8275AF3CA), ref: 00007FF8275C1C7F
                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF8275AF1A3,?,?,00000000,00007FF8275AF43E,?,?,?,?,?,00007FF8275AF3CA), ref: 00007FF8275C1C90
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value
                                                                                                                • String ID:
                                                                                                                • API String ID: 3702945584-0
                                                                                                                • Opcode ID: 47015a9e18c36173611a2fa3cf1371bbd813ea5f38b7989ff468ca3011a52033
                                                                                                                • Instruction ID: 532e7d1b5289e87f564ad845cfb3f38f670f4d9a834d3ce728df02a927a671ff
                                                                                                                • Opcode Fuzzy Hash: 47015a9e18c36173611a2fa3cf1371bbd813ea5f38b7989ff468ca3011a52033
                                                                                                                • Instruction Fuzzy Hash: 1B1167A0E0C24641FA58A323AF5137DA6816F963F0F485738EC3E4A6D6DE2CF8418605
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_deleteport '{}', {:#x}, '{}'$system
                                                                                                                • API String ID: 3668304517-2267907852
                                                                                                                • Opcode ID: eae48cf29b154a8592d0c7e870acd674272bc2775f49a9c542b8e1c76fec63b2
                                                                                                                • Instruction ID: c31c0c31b4715e163e77964c4f60b7f726a1e0dcd61c49e10e71e3d19e88de15
                                                                                                                • Opcode Fuzzy Hash: eae48cf29b154a8592d0c7e870acd674272bc2775f49a9c542b8e1c76fec63b2
                                                                                                                • Instruction Fuzzy Hash: 05916562A186C541FE109B6AED4536EE351EFC67E0F504331EAAC46AEADF6CF481C700
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_addport '{}', {:#x}, '{}'$system
                                                                                                                • API String ID: 3668304517-3963725590
                                                                                                                • Opcode ID: 8aa18e938cf472b62834a2e085f09551e528f040edcc30cd9f31e5b5f81ea4c4
                                                                                                                • Instruction ID: 2a648c48b05a87c85f497eb4df6d55b8b814f4d13b9f6bd76337082d1c81816d
                                                                                                                • Opcode Fuzzy Hash: 8aa18e938cf472b62834a2e085f09551e528f040edcc30cd9f31e5b5f81ea4c4
                                                                                                                • Instruction Fuzzy Hash: 30917462A186C541FA149B6AEE453AEE351EBC77E0F505331E6AD43BE9DF6CF081C600
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_startdocport {:#x}, '{}', {}, {}, {:#x}$system
                                                                                                                • API String ID: 3668304517-1475283317
                                                                                                                • Opcode ID: dc95d62b5354c7897fe70d7556a89b6aee5d3cc572e179191b0029c28a894270
                                                                                                                • Instruction ID: e7feba0e1195b082f47be2d52a2800a5ab3aaeb9482324cb57551ced500299e4
                                                                                                                • Opcode Fuzzy Hash: dc95d62b5354c7897fe70d7556a89b6aee5d3cc572e179191b0029c28a894270
                                                                                                                • Instruction Fuzzy Hash: 49819462A187C141FA50DB66ED453AEE251FB867E0F504235EAAD43BEADF7CE484C700
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: {}{}${}{}{}
                                                                                                                • API String ID: 3668304517-2846689003
                                                                                                                • Opcode ID: 605c9f5ada0807124158fb0926c69c7b119217b8a05b6c25ed5db52c39d8ae91
                                                                                                                • Instruction ID: 7b597505c71da151e67814097dc5f98e5fc35c3f4d418b993d46af4cd295d146
                                                                                                                • Opcode Fuzzy Hash: 605c9f5ada0807124158fb0926c69c7b119217b8a05b6c25ed5db52c39d8ae91
                                                                                                                • Instruction Fuzzy Hash: C1918F63F14B858AFB00CF75D9103AC6372E75A788F509225DE9C12AA9EF78E5D5C340
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_configureport '{}', {:#x}, '{}'$system
                                                                                                                • API String ID: 3668304517-417426335
                                                                                                                • Opcode ID: 7047f254d8617e96fb092d7461bea2ee938388945377c7fa5db3adbee4f92f42
                                                                                                                • Instruction ID: 9773ea83a32a806a1b79add7bc03a16a27ac04b0a432a453af892b350d209984
                                                                                                                • Opcode Fuzzy Hash: 7047f254d8617e96fb092d7461bea2ee938388945377c7fa5db3adbee4f92f42
                                                                                                                • Instruction Fuzzy Hash: 9D618662A186C542FA109B26ED5536EE351FFC67E0F504331E6AC42AE6DF6CF480C704
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_writeport {:#x}, {:#x}, {}, {:#x}$system
                                                                                                                • API String ID: 3668304517-1752104201
                                                                                                                • Opcode ID: 419119b2c62c174113229777a4fc78cf9cb19e2412fce17469e34f5332d8caf2
                                                                                                                • Instruction ID: e130780b914936d31b87ca8da4becbe261b32b0bbf2d5caeca62ec7b535638e3
                                                                                                                • Opcode Fuzzy Hash: 419119b2c62c174113229777a4fc78cf9cb19e2412fce17469e34f5332d8caf2
                                                                                                                • Instruction Fuzzy Hash: 3C517762A18BC545EA50DB66ED443AEB3A1FB867E0F504235EA9C43BE5DF3CE485C700
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$RunDllCallback {:#x}, {:#x}, {:#x} -> '{}', {}$rundll
                                                                                                                • API String ID: 3668304517-2948112147
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                • String ID: bad locale name
                                                                                                                • API String ID: 2775327233-1405518554
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\fax_printer\win\WinFaxPrinterDllmain.cpp$monitor_enddocport {:#x}$system
                                                                                                                • API String ID: 3668304517-283873059
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                • String ID: bad locale name
                                                                                                                • API String ID: 2775327233-1405518554
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                • String ID: bad locale name
                                                                                                                • API String ID: 2775327233-1405518554
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                • String ID: bad locale name
                                                                                                                • API String ID: 2775327233-1405518554
                                                                                                                Similarity
                                                                                                                • API ID: Maklocwcsstd::_$Getvals
                                                                                                                • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                • API String ID: 1848906033-3573081731
                                                                                                                Similarity
                                                                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                • String ID:
                                                                                                                • API String ID: 2718003287-0
                                                                                                                APIs
                                                                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8275C51E3), ref: 00007FF8275C5314
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8275C51E3), ref: 00007FF8275C539F
                                                                                                                Similarity
                                                                                                                • API ID: ConsoleErrorLastMode
                                                                                                                • String ID:
                                                                                                                • API String ID: 953036326-0
                                                                                                                • Opcode ID: 1ae3c5f3bae0f1f921d058ce7c0c03d4d1fbc5421b05a80d72e61165d7333824
                                                                                                                • Instruction ID: d76449712349ac2bd23d7da0f3258d3456c07975c6e4bea30e4c8b33b05a98be
                                                                                                                • Opcode Fuzzy Hash: 1ae3c5f3bae0f1f921d058ce7c0c03d4d1fbc5421b05a80d72e61165d7333824
                                                                                                                • Instruction Fuzzy Hash: A991C372E0866585FB508FA69D807BDABA0BB46BC8F64413DDE0E57A84DE7CF446C700
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 73155330-0
                                                                                                                • Opcode ID: 7e871e942d23dd1b5f89d106186a3ac7c673d995445aee67d4ba3866fa86165b
                                                                                                                • Instruction ID: 5c8af73d10457105c4ce7f0ec4bfe38920476899fcee4a76b080303221b783e5
                                                                                                                • Opcode Fuzzy Hash: 7e871e942d23dd1b5f89d106186a3ac7c673d995445aee67d4ba3866fa86165b
                                                                                                                • Instruction Fuzzy Hash: 8071D162B0964A85EE149B63AE4427DE351AB4ABE0F544731EEBD07BD6DE7CF081C304
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Name::operator+
                                                                                                                • String ID:
                                                                                                                • API String ID: 2943138195-0
                                                                                                                • Opcode ID: fcda0418a93f4b48c4892e59039bbc35314c9457a69dd79d1b2c6a8e12d19b55
                                                                                                                • Instruction ID: 7450b64c0cb4d43ea2cb28d101f2c8f2ed9b43b496dd4e46c69011515e48bbec
                                                                                                                • Opcode Fuzzy Hash: fcda0418a93f4b48c4892e59039bbc35314c9457a69dd79d1b2c6a8e12d19b55
                                                                                                                • Instruction Fuzzy Hash: 3A917A32E08A5699FB118F62DD403BCB7A1BB06788F548036EE4D17699EF7DB845C384
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                • String ID:
                                                                                                                • API String ID: 1944019136-0
                                                                                                                • Opcode ID: 4f13ca925f28cef88629856cd235122ce5950aafba4e41e506475690a9411b0f
                                                                                                                • Instruction ID: 9b084a8674b04160f8e7f20dd7a78ac2ec8b44f2fb4657f1f865d80e2d6dbc22
                                                                                                                • Opcode Fuzzy Hash: 4f13ca925f28cef88629856cd235122ce5950aafba4e41e506475690a9411b0f
                                                                                                                • Instruction Fuzzy Hash: 98619522A18B8586FA10DB26ED4436EE351EB8B7E4F504631EABD067D5EE7CF0C18700
                                                                                                                APIs
                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FF82753B457), ref: 00007FF82754071F
                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FF82753B457), ref: 00007FF8275407BB
                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00007FF82753B457), ref: 00007FF8275407E8
                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF82754088D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID:
                                                                                                                • API String ID: 1590159271-0
                                                                                                                • Opcode ID: b7086a876088d587dec3b11278540827a9c408e179ffe2515a5a8513ebf42d64
                                                                                                                • Instruction ID: ce705d5cf86d667b551c93371250d6b57c6bf92cfca22952e3d14882a52fd33f
                                                                                                                • Opcode Fuzzy Hash: b7086a876088d587dec3b11278540827a9c408e179ffe2515a5a8513ebf42d64
                                                                                                                • Instruction Fuzzy Hash: 7641C522A1874281F624DF13AE1467EE694FF96BE4F294735EA6C03BD4DE3CE4818340
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Name::operator+$NameName::
                                                                                                                • String ID:
                                                                                                                • API String ID: 168861036-0
                                                                                                                • Opcode ID: 4b0fed31f8a24bd775459307e2d22a8e08b7a790828e1cd5de89c01666fcfa78
                                                                                                                • Instruction ID: 3600d15bb9c5aaa6b1382691edc2d4b8320d5f8b889164264e8134dc1ee5966a
                                                                                                                • Opcode Fuzzy Hash: 4b0fed31f8a24bd775459307e2d22a8e08b7a790828e1cd5de89c01666fcfa78
                                                                                                                • Instruction Fuzzy Hash: D7513572A18A5689FB118B22ED507BCA7A1BB46BC4F448435EA0E06699EF79F441C704
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Name::operator+$Replicator::operator[]
                                                                                                                • String ID:
                                                                                                                • API String ID: 3863519203-0
                                                                                                                • Opcode ID: 8b1424a90fe7a39b29f50ee7f49137edc693e78d0e2d63f0bf8e570e1fdcd6fb
                                                                                                                • Instruction ID: 8c67ce961dd5a17482903554fc2533eccda47ac910256efad0a29904d149256d
                                                                                                                • Opcode Fuzzy Hash: 8b1424a90fe7a39b29f50ee7f49137edc693e78d0e2d63f0bf8e570e1fdcd6fb
                                                                                                                • Instruction Fuzzy Hash: 87416A72A09B4589FB01CF65DC513ACB7A0FB49B88F948035DA4D57759DF7CA841C740
                                                                                                                APIs
                                                                                                                • AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF8275943A3,?,?,00000000,?,?,00007FF82759450E,?,?,?,?,?,00007FF827550BFE), ref: 00007FF827598330
                                                                                                                • SleepConditionVariableSRW.KERNEL32(?,?,?,00007FF8275943A3,?,?,00000000,?,?,00007FF82759450E,?,?,?,?,?,00007FF827550BFE), ref: 00007FF827598367
                                                                                                                • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FF8275943A3,?,?,00000000,?,?,00007FF82759450E,?,?,?,?,?,00007FF827550BFE), ref: 00007FF827598382
                                                                                                                • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FF8275943A3,?,?,00000000,?,?,00007FF82759450E,?,?,?,?,?,00007FF827550BFE), ref: 00007FF82759839A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: ExclusiveLock$Release$AcquireConditionSleepVariable
                                                                                                                • String ID:
                                                                                                                • API String ID: 3114648011-0
                                                                                                                • Opcode ID: 370e0a7b93cad747fb8bf1c474c466c00bfa6cc7f02f721b003f87ce9233e59b
                                                                                                                • Instruction ID: acd51025a0b77063bbb64a02bd264e755d2e06df3703c1d7d33cc6adc86d614d
                                                                                                                • Opcode Fuzzy Hash: 370e0a7b93cad747fb8bf1c474c466c00bfa6cc7f02f721b003f87ce9233e59b
                                                                                                                • Instruction Fuzzy Hash: 7201DE72A0894B81EB114763DC612BD37A17B17B91F884031C5AD821A5EE0CB98AC744
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 3668304517-4108050209
                                                                                                                • Opcode ID: 2600323673847a6b3ccbd0abeb2eec316d9bd1a4172048d7da4d63bf8a735a36
                                                                                                                • Instruction ID: 9544dacaef2325ed46e6a0b364e2bab401c19436617007a76dbc66c4c5dca1ec
                                                                                                                • Opcode Fuzzy Hash: 2600323673847a6b3ccbd0abeb2eec316d9bd1a4172048d7da4d63bf8a735a36
                                                                                                                • Instruction Fuzzy Hash: D5E1B222B19F818AEB11CB66E9402EEB7B5EB45784F400136EE8D53B99EF3CE545C740
                                                                                                                APIs
                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF827595702
                                                                                                                  • Part of subcall function 00007FF827544C20: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF827544C35
                                                                                                                  • Part of subcall function 00007FF827544C20: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF827544C5A
                                                                                                                  • Part of subcall function 00007FF827544C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF827544C84
                                                                                                                  • Part of subcall function 00007FF827544C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF827544D15
                                                                                                                Strings
                                                                                                                • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\code_conversion.cpp, xrefs: 00007FF8275958A6
                                                                                                                • Could not convert character encoding, xrefs: 00007FF82759589A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\code_conversion.cpp$Could not convert character encoding
                                                                                                                • API String ID: 533778753-1756177606
                                                                                                                • Opcode ID: d6a377b00e8b13ab5b232d9983e91c7746c1f22d7498a197c7ed898c992ad6ef
                                                                                                                • Instruction ID: e1f94094d4ed3282d4f384041a526f59b5d88513b5f1a32b9fd6bc8157b81e94
                                                                                                                • Opcode Fuzzy Hash: d6a377b00e8b13ab5b232d9983e91c7746c1f22d7498a197c7ed898c992ad6ef
                                                                                                                • Instruction Fuzzy Hash: 9C919222608B8586EE508B16EE503AEE3A1FB8A7D4F544131EE9D47BD5DF3CE590C740
                                                                                                                Strings
                                                                                                                • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp, xrefs: 00007FF827536673
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\wiservice\ext\win\ext-win-winutil.cpp
                                                                                                                • API String ID: 0-2526021498
                                                                                                                • Opcode ID: a3f713bdcf6bc6739ec6fb94f3075917056dfb5fe144be125c7b2fbecec69454
                                                                                                                • Instruction ID: 1fcc5c984e27b4374b5b10285295791ac5a65d424f357e0f02d67aa4137a5b49
                                                                                                                • Opcode Fuzzy Hash: a3f713bdcf6bc6739ec6fb94f3075917056dfb5fe144be125c7b2fbecec69454
                                                                                                                • Instruction Fuzzy Hash: 60514372A08BC981EA20CB16E9443AEE3A1F7DA7D0F505225DADD53BA5DF3CE080C700
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: M
                                                                                                                • API String ID: 3668304517-2059362058
                                                                                                                • Opcode ID: 3fb8c4c1c6fbf55f22c35fe7fde059fb6a28d05a18550e14add52146a2da1aa5
                                                                                                                • Instruction ID: cae52622ca0d8257dfafeb68fba5baa88d1c0d7a5048562527bb917d65b4441a
                                                                                                                • Opcode Fuzzy Hash: 3fb8c4c1c6fbf55f22c35fe7fde059fb6a28d05a18550e14add52146a2da1aa5
                                                                                                                • Instruction Fuzzy Hash: 11514462A18BC985EA20CB15E9443AEB361FBDA7D0F505325DADD53B95DF3CE184C700
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: DB
                                                                                                                • API String ID: 3668304517-1293858882
                                                                                                                • Opcode ID: f8e6fd7fc4dcd0bc82912d4659d977d821e1186808b688b17023c14456c06ece
                                                                                                                • Instruction ID: 7b55ff31888327294afa6fd2d6e359caf6e5a99e0c842fc4501c6a72949fe6ca
                                                                                                                • Opcode Fuzzy Hash: f8e6fd7fc4dcd0bc82912d4659d977d821e1186808b688b17023c14456c06ece
                                                                                                                • Instruction Fuzzy Hash: A151536260CBC991EA618B29E9413EEB360FB9A7E4F405325DADC43B95DF3CE584C700
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: Mt
                                                                                                                • API String ID: 3668304517-1399232146
                                                                                                                • Opcode ID: 6d1e3889df60db38c6b354ed70b5006aa3f74a2310edbe2699109261becf8519
                                                                                                                • Instruction ID: fc6a057204f7ea403a3864280af3d86d860a20c1ad30884ac031b06950628855
                                                                                                                • Opcode Fuzzy Hash: 6d1e3889df60db38c6b354ed70b5006aa3f74a2310edbe2699109261becf8519
                                                                                                                • Instruction Fuzzy Hash: A5513062908BC980EA618B29E9413EEE360FBDA7E0F405325DADD53B95DF7CE195C700
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$ErrorLastMtx_unlockPathTemp_invalid_parameter_noinfo_noreturn
                                                                                                                • String ID: port name cannot be empty
                                                                                                                • API String ID: 2419482883-1868005089
                                                                                                                • Opcode ID: 410073b45b8cd2a06d1f8dd444bcb9b9f22f375da51dbfe9c65057e5aefb29af
                                                                                                                • Instruction ID: be07b82c6f8c387d6ca196993b9780a8829cd8b4b1ed5f45d0477a58b733cea4
                                                                                                                • Opcode Fuzzy Hash: 410073b45b8cd2a06d1f8dd444bcb9b9f22f375da51dbfe9c65057e5aefb29af
                                                                                                                • Instruction Fuzzy Hash: 5141F532A09B4682EA149B27ED512AEA3A0FF86BE4F544131EA5D477A5DE3CF481C700
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00007FF827540460: GetTempPathW.KERNEL32 ref: 00007FF8275404AA
                                                                                                                  • Part of subcall function 00007FF827540460: GetLastError.KERNEL32 ref: 00007FF8275404B4
                                                                                                                  • Part of subcall function 00007FF827540460: WideCharToMultiByte.KERNEL32 ref: 00007FF827540533
                                                                                                                  • Part of subcall function 00007FF827540460: WideCharToMultiByte.KERNEL32 ref: 00007FF82754056C
                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF82753AC92
                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF82753AC98
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide_invalid_parameter_noinfo_noreturn$ErrorLastPathTemp
                                                                                                                • String ID: Wildix FaxPort
                                                                                                                • API String ID: 1286625825-2810657378
                                                                                                                • Opcode ID: 8453a68114b5a146ede40a5877e29a7af01cc24ef1faf157943543e249103aca
                                                                                                                • Instruction ID: d30a524e0fd0760210901d00b9700807e48b61369306febe639b68748f815392
                                                                                                                • Opcode Fuzzy Hash: 8453a68114b5a146ede40a5877e29a7af01cc24ef1faf157943543e249103aca
                                                                                                                • Instruction Fuzzy Hash: 5041A472A18B8582EA10CB26ED4026DA361FB8ABE4F544631FA9D437E5DF3CE581C704
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                • String ID: bad locale name
                                                                                                                • API String ID: 593203224-1405518554
                                                                                                                • Opcode ID: 1d8755702b480e53e0ab188cd31c132abdcc647e444f50fd9caab86b4cebce6a
                                                                                                                • Instruction ID: 13d7de29bc8d53a2b206fffe90daaf68fff0445e5669f8fc10e8ce77c45ae3b3
                                                                                                                • Opcode Fuzzy Hash: 1d8755702b480e53e0ab188cd31c132abdcc647e444f50fd9caab86b4cebce6a
                                                                                                                • Instruction Fuzzy Hash: FB413C22B0A74198FB55DFA2DD60BAC73B4AF467C8F444834EE5D12A89CF38E515D348
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                 • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                 • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                • String ID: U
                                                                                                                • API String ID: 442123175-4171548499
                                                                                                                • Opcode ID: 5f663c3fd3d255cfda4f5e2944c61ba0478e2b525ba73fc05a31a5376b2717e3
                                                                                                                • Instruction ID: 595e70fea2501a16ba4e6d00e1c09e376ff21da01a540c83d50bc7d0de72cfd6
                                                                                                                • Opcode Fuzzy Hash: 5f663c3fd3d255cfda4f5e2944c61ba0478e2b525ba73fc05a31a5376b2717e3
                                                                                                                • Instruction Fuzzy Hash: 5F41A222B19A9186EB208F66ED447AEA7A4FB897D4F504035EE4D87798EF3CE441C740
                                                                                                                APIs
                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 00007FF8275981CF
                                                                                                                  • Part of subcall function 00007FF827595E10: __std_exception_copy.LIBVCRUNTIME ref: 00007FF827595E3A
                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 00007FF82759827F
                                                                                                                  • Part of subcall function 00007FF827595E80: __std_exception_copy.LIBVCRUNTIME ref: 00007FF827595EAF
                                                                                                                Strings
                                                                                                                • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\code_conversion.cpp, xrefs: 00007FF827598223
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __std_exception_copystd::bad_exception::bad_exception
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\code_conversion.cpp
                                                                                                                • API String ID: 3754101179-738887669
                                                                                                                • Opcode ID: 951b3095350f867c8e89f21af317d46b3d0ee33ed170bcf4959c5c7ff3fc3f9b
                                                                                                                • Instruction ID: 82d22e586a75435be97046e218f6bb3c083d0e5417e9e2da0cd2f354fe115154
                                                                                                                • Opcode Fuzzy Hash: 951b3095350f867c8e89f21af317d46b3d0ee33ed170bcf4959c5c7ff3fc3f9b
                                                                                                                • Instruction Fuzzy Hash: BE21A252B1958695EA10A623DE553FFD361EF86BC0F408031FA4E4BBABEE1CE50583C0
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: NameName::
                                                                                                                • String ID: %lf
                                                                                                                • API String ID: 1333004437-2891890143
                                                                                                                • Opcode ID: 85668a36295343c5ac8733365a08c63ad65be95d1277db086a08029145af80e5
                                                                                                                • Instruction ID: 02637275a0957260683a7d84ecca0e101f6044f9a1f7d345f6ac69cc2ffc30eb
                                                                                                                • Opcode Fuzzy Hash: 85668a36295343c5ac8733365a08c63ad65be95d1277db086a08029145af80e5
                                                                                                                • Instruction Fuzzy Hash: 0031B221A0CA8746EB20DB13AE510BDF391BF467C4B448236EA4E43765EF3CF5418344
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Name::operator+
                                                                                                                • String ID: void$void
                                                                                                                • API String ID: 2943138195-3746155364
                                                                                                                • Opcode ID: f1c05fc7145a031106bed610ff3aaeeeae1446770ef8835e39a4b602f214c1b6
                                                                                                                • Instruction ID: c8b88212ccf8be114820747f841dc74b44093bc75404ba7d2c5dda4b8bb069c0
                                                                                                                • Opcode Fuzzy Hash: f1c05fc7145a031106bed610ff3aaeeeae1446770ef8835e39a4b602f214c1b6
                                                                                                                • Instruction Fuzzy Hash: FF316A62E18B2699FB01CBA2DC410FC77B0BB49788B804536DE4D13B59EF3CA144C750
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Mtx_unlock
                                                                                                                • String ID: ,$port object {:#x} is not present in the list
                                                                                                                • API String ID: 1418687624-2950792495
                                                                                                                • Opcode ID: f2726cfe368c0018a19b06c7d5213c5894d768bf02e51a0aac68a84f5462c573
                                                                                                                • Instruction ID: 04913bb2204a1356af027e0eee4070c339071cb831d6163ecb6797af35ea9fa2
                                                                                                                • Opcode Fuzzy Hash: f2726cfe368c0018a19b06c7d5213c5894d768bf02e51a0aac68a84f5462c573
                                                                                                                • Instruction Fuzzy Hash: A121C172608B8682EA64CB22ED413AEB3A0FB867C0F804535DA8D47B65DF3CF405C740
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_Yarn
                                                                                                                • String ID: bad locale name
                                                                                                                • API String ID: 1838369231-1405518554
                                                                                                                • Opcode ID: a6def5bc57086b163726a0931fdd04756445cd0118717f0d6f7130d339d2c2e0
                                                                                                                • Instruction ID: bff86bbac8f7ec5a66386e8c9752415376a4e81b6791301bcbfb70846db05c85
                                                                                                                • Opcode Fuzzy Hash: a6def5bc57086b163726a0931fdd04756445cd0118717f0d6f7130d339d2c2e0
                                                                                                                • Instruction Fuzzy Hash: 0601A222105B8189D344DF76AD8015CB7B5FB19BC47185539DB8C8370EEF38D490C340
                                                                                                                APIs
                                                                                                                • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF82753314F), ref: 00007FF8275A1E20
                                                                                                                • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF82753314F), ref: 00007FF8275A1E66
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                                • String ID: csm
                                                                                                                • API String ID: 2573137834-1018135373
                                                                                                                • Opcode ID: 81885f7563f5cbc4e853b031928c0d3fa19fbbd861defef8bb5bbab469655405
                                                                                                                • Instruction ID: cf481b35fa3b06efbc935e00f2fc7985627297febc05a6a02e2207b2c163e261
                                                                                                                • Opcode Fuzzy Hash: 81885f7563f5cbc4e853b031928c0d3fa19fbbd861defef8bb5bbab469655405
                                                                                                                • Instruction Fuzzy Hash: 06113D32618B8182EB508F16F94026DBBA1FB99B84F584234EE8D07764DF3DE9518700
                                                                                                                APIs
                                                                                                                • TlsAlloc.KERNEL32(?,?,00000000,00007FF82759544A,?,?,00000000,00007FF8275954C8,?,?,?,?,?,?,?,00007FF82754B9CE), ref: 00007FF82759A9A9
                                                                                                                Strings
                                                                                                                • C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\thread_specific.cpp, xrefs: 00007FF82759A9CC
                                                                                                                • TLS capacity depleted, xrefs: 00007FF82759A9C5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001D.00000002.3225838189.00007FF827531000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF827530000, based on PE: true
                                                                                                                • Associated: 0000001D.00000002.3225783775.00007FF827530000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3225966737.00007FF8275DA000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226025712.00007FF827605000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226074285.00007FF827607000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226129979.00007FF82760A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                • Associated: 0000001D.00000002.3226172398.00007FF82760D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_29_2_7ff827530000_spoolsv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Alloc
                                                                                                                • String ID: C:\GitLab-Runner\builds\iVTFS-Df\0\Integration\wiservice\dependencies\source-boost\libs\log\src\thread_specific.cpp$TLS capacity depleted
                                                                                                                • API String ID: 2773662609-3276512853
                                                                                                                • Opcode ID: 8c25ad7014d0b44dbb02c7eb5f87b5f20471fbf1559ed32282047baa916d64de
                                                                                                                • Instruction ID: 78f79f2fa919dc173a9ddafc57ba175479bbe32d95b8fbc8c5ace0112bdb7aa7
                                                                                                                • Opcode Fuzzy Hash: 8c25ad7014d0b44dbb02c7eb5f87b5f20471fbf1559ed32282047baa916d64de
                                                                                                                • Instruction Fuzzy Hash: 89E09235A0460AC6E7189B67FD4146C7320EF06794F540631CA1D476E0DF3CB4D6C781
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000001F.00000002.1644993009.00007FF7C1010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1010000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 79aba5628c1fc11bfb8d62ca8c7e3306d0a8254a89f973506fbb45ca7cc5be2b
                                                                                                                • Instruction ID: c4c9c097a830955264c384bce77abcdb6ee5f3bdda002ec34715d53a56648819
                                                                                                                • Opcode Fuzzy Hash: 79aba5628c1fc11bfb8d62ca8c7e3306d0a8254a89f973506fbb45ca7cc5be2b
                                                                                                                • Instruction Fuzzy Hash: AA41592260D5960FE316B37CA8562F57F90DF8A37474801B7D48CCB293DF08A98783A5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000021.00000002.1751561709.00007FF7C0DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_33_2_7ff7c0db0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a248810e5bbd95873c6b542cb44e86f9871f265dcb8891aba4d8780c56359c6d
                                                                                                                • Instruction ID: e76bda507b1d4b32ba5009001dd3f7c8bea4d5cb2f20d9c31ba0064575d1587f
                                                                                                                • Opcode Fuzzy Hash: a248810e5bbd95873c6b542cb44e86f9871f265dcb8891aba4d8780c56359c6d
                                                                                                                • Instruction Fuzzy Hash: DC12A13060CA89AFE799EF288450AA4BFE1EF4A350B5445F9D48DCB383CF29B845C755
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000021.00000002.1751723053.00007FF7C0E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0E70000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_33_2_7ff7c0e70000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1a0d29bc88c889d83b8f7bb5e4b35958deed9660ce24b9ac49a602566f6792a7
                                                                                                                • Instruction ID: c57fcc113bb340c066de16a40fd1ac854b5294a62faaf8e47219eb096ad29def
                                                                                                                • Opcode Fuzzy Hash: 1a0d29bc88c889d83b8f7bb5e4b35958deed9660ce24b9ac49a602566f6792a7
                                                                                                                • Instruction Fuzzy Hash: 3CC141206099899FE78AFB2C8024674BBE1EF8A354B9805E9D089CB2D3CF157D55C7A1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000021.00000002.1751561709.00007FF7C0DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_33_2_7ff7c0db0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9b2da6068f335dd621a773fa04555901c3f6f3744461d94f1b76c547aa2fb3e7
                                                                                                                • Instruction ID: 94e1c3252f63e6c1d6b1f29a007c4ae00afc8a588576197c22d0d1d92f3e0dc2
                                                                                                                • Opcode Fuzzy Hash: 9b2da6068f335dd621a773fa04555901c3f6f3744461d94f1b76c547aa2fb3e7
                                                                                                                • Instruction Fuzzy Hash: E0312E2170DA8A4FD756A73C58552B5BFE0EF8A62179901F7C44DCB293DE08AC878391
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000021.00000002.1751561709.00007FF7C0DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_33_2_7ff7c0db0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bf78bef5558e1bfbfc74ca5016bb7a037d4122d6a4a3e35f06cadbf39993dc06
                                                                                                                • Instruction ID: 6f8e211c55357295a6ca7fac3bf233ea6a9c93e40cf087284ed83cda15299d12
                                                                                                                • Opcode Fuzzy Hash: bf78bef5558e1bfbfc74ca5016bb7a037d4122d6a4a3e35f06cadbf39993dc06
                                                                                                                • Instruction Fuzzy Hash: E3311C307189098FE785FB3C8859A687BE1FF9935179901F5E40DCB2B2EE24EC418741
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000021.00000002.1751561709.00007FF7C0DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_33_2_7ff7c0db0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fac5b6c37414398fc63de210155d515feb8661bc2ab7d1b5dd71d05a720ad7e6
                                                                                                                • Instruction ID: 9e43e7ea0829dfc7f00c880505c1668422fa176b13969e96ccd0680baafc51e6
                                                                                                                • Opcode Fuzzy Hash: fac5b6c37414398fc63de210155d515feb8661bc2ab7d1b5dd71d05a720ad7e6
                                                                                                                • Instruction Fuzzy Hash: 5721D52450E2C66FD746EB38C451594BFE0FF4A35079809FAC489CF293DA2AF8978791
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000021.00000002.1751561709.00007FF7C0DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_33_2_7ff7c0db0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: eb7540ca6a39f55fe33e8a0e4f660b35911dc6f1ad1aec185f92012884b5bbdc
                                                                                                                • Instruction ID: aba40871d05693ca1a967d15a6a30ed9fc01fe3bf05fc5c641b59cb2b5b06ac8
                                                                                                                • Opcode Fuzzy Hash: eb7540ca6a39f55fe33e8a0e4f660b35911dc6f1ad1aec185f92012884b5bbdc
                                                                                                                • Instruction Fuzzy Hash: 13116611A0CA895FE38A573C28257A07FE1EF8B290B4806F7D489CB293E9142C56C396
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000021.00000002.1751561709.00007FF7C0DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_33_2_7ff7c0db0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 00499714dd673a8e3c07f0a87bb9af7a93d23499b26f388ad78823d2297a3667
                                                                                                                • Instruction ID: bda77290b4753f744659ed06c0fc6f26c54f1e6060847d5043b6e6885628bcf8
                                                                                                                • Opcode Fuzzy Hash: 00499714dd673a8e3c07f0a87bb9af7a93d23499b26f388ad78823d2297a3667
                                                                                                                • Instruction Fuzzy Hash: 41F0A41080D7861FEB427B3468115A5BFE08F47224F4909F7E98CC72A3D91CA98583A6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000021.00000002.1751561709.00007FF7C0DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_33_2_7ff7c0db0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 32deba3c1c1e42453a3d5ef8bcb79f715c46bcd5c70443e1ab27c9e5dd1071c8
                                                                                                                • Instruction ID: 77201f582ea28ec84044ad06756b900bc9dc929437a3a4b38ee4f2ead29929bf
                                                                                                                • Opcode Fuzzy Hash: 32deba3c1c1e42453a3d5ef8bcb79f715c46bcd5c70443e1ab27c9e5dd1071c8
                                                                                                                • Instruction Fuzzy Hash: CAF0276450F5C66FE78AFB7840219A4FFD0DF0725078808FAC489CF2A3D92574498764
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000021.00000002.1751723053.00007FF7C0E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0E70000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_33_2_7ff7c0e70000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: +C_^$,C_^$.C_^$0C_I
                                                                                                                • API String ID: 0-795685355
                                                                                                                • Opcode ID: d33fd606f06d9fd89f0cfc206cbc4edaa39b19cdd3470d5b5e542e2446548a15
                                                                                                                • Instruction ID: fc3222e780767dd71235a522ce849a02a03873b509cab6b282c573c2f15dedca
                                                                                                                • Opcode Fuzzy Hash: d33fd606f06d9fd89f0cfc206cbc4edaa39b19cdd3470d5b5e542e2446548a15
                                                                                                                • Instruction Fuzzy Hash: 15D1C67530E5C19FE3065BBDB855299FF60FFC623871883EBC0994B15BCA20AA1687C5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000023.00000002.1859664643.00007FF7C0E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0E90000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_35_2_7ff7c0e90000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 76ad60d8788d1f33ed1febcb2188bc76acc4d43cc40cac2d265e528496f744c6
                                                                                                                • Instruction ID: 84ad46bea4faa27998a9d07120abd53251682d7f03c4830cf51e088e9b0c0e68
                                                                                                                • Opcode Fuzzy Hash: 76ad60d8788d1f33ed1febcb2188bc76acc4d43cc40cac2d265e528496f744c6
                                                                                                                • Instruction Fuzzy Hash: D342756120E9C19FE3069B7DA414395BF60FF4A21431482FBD0998B59BCF24E9A787C6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000023.00000002.1859507514.00007FF7C0DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DD0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_35_2_7ff7c0dd0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ea3383a7875aa882584a9b840eb0707d2792a53123a4ff123fe29388a01690d0
                                                                                                                • Instruction ID: bd1ab29a560c226776cbbd3e59ac63ebd7e1420cfffb6e877ba007af781ca29f
                                                                                                                • Opcode Fuzzy Hash: ea3383a7875aa882584a9b840eb0707d2792a53123a4ff123fe29388a01690d0
                                                                                                                • Instruction Fuzzy Hash: 01125930A1CB855FE349EB2884566B5BBE1FF95360B5445BED08FC3293DE28B8438791
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000023.00000002.1859507514.00007FF7C0DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DD0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_35_2_7ff7c0dd0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d56c31cb617c382865577bea245bb3aac38c817ede76158092352d75730f09d5
                                                                                                                • Instruction ID: 386f30543e3a63cb6aae8945fa021b677ac0da2bd541518f0a86273279b3a453
                                                                                                                • Opcode Fuzzy Hash: d56c31cb617c382865577bea245bb3aac38c817ede76158092352d75730f09d5
                                                                                                                • Instruction Fuzzy Hash: F6E11630A1DB8A4FE749EB7884566B9B7E1EF55360B8401FDC44BC72A3DE2CB8068751
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000023.00000002.1859507514.00007FF7C0DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DD0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_35_2_7ff7c0dd0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 23148c292753bb507bf172ca0ed59e58b0818de498119f862131d0e2412ea06f
                                                                                                                • Instruction ID: fd2f385a56be7ac22c418b56aefec555634c905f0923c6bf224ecac45f064fdd
                                                                                                                • Opcode Fuzzy Hash: 23148c292753bb507bf172ca0ed59e58b0818de498119f862131d0e2412ea06f
                                                                                                                • Instruction Fuzzy Hash: 4681C43061DB459FE796EF7894507A5BBE1EF89320F5444BDC04EC3292CB29B84AC7A0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000023.00000002.1859664643.00007FF7C0E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0E90000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_35_2_7ff7c0e90000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 839f003cb2824eaf91395dbc97621a45308bd8b09061d60b1ef1bdc24df2cc14
                                                                                                                • Instruction ID: 0b29869c0c931e8a1cbb69c7be47eb2fb18b7946a159e66dd554b2158f9cd679
                                                                                                                • Opcode Fuzzy Hash: 839f003cb2824eaf91395dbc97621a45308bd8b09061d60b1ef1bdc24df2cc14
                                                                                                                • Instruction Fuzzy Hash: 1761E47155E7865FE346FB7884166E9BBE0EF4632074400FFC05ACB2A3CA1E684AC351
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000023.00000002.1859507514.00007FF7C0DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DD0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_35_2_7ff7c0dd0000_RegAsm.jbxd
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000023.00000002.1859664643.00007FF7C0E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0E90000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_35_2_7ff7c0e90000_RegAsm.jbxd
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000025.00000002.1971040165.00007FF7C0EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0EA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_37_2_7ff7c0ea0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ?_^
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000025.00000002.1969344845.00007FF7C0DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DE0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_37_2_7ff7c0de0000_RegAsm.jbxd
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 43d2872a3a9cf8394502215e58d6842242e273bbb0eaf0a7bc122c30c2eadd52
                                                                                                                • Instruction ID: 1011d25bef43543f1a5735d44bef414778a845de2e922bde5a3c730f49688e13
                                                                                                                • Opcode Fuzzy Hash: 43d2872a3a9cf8394502215e58d6842242e273bbb0eaf0a7bc122c30c2eadd52
                                                                                                                • Instruction Fuzzy Hash: ED21517024B6C55FC35AEBB8C5B6AA57FE1EF0B21070804EDD486CF6B3C6199816D701
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000025.00000002.1969344845.00007FF7C0DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DE0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_37_2_7ff7c0de0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 22ed1d7b4cda6f6541617b10172125c8da80b663862a7f783d0938b961d34ee9
                                                                                                                • Instruction ID: d02ce986d5b7ac0c4b59c839c4df80a0b3d82eceeb4423bba8ba3a8a73bc5462
                                                                                                                • Opcode Fuzzy Hash: 22ed1d7b4cda6f6541617b10172125c8da80b663862a7f783d0938b961d34ee9
                                                                                                                • Instruction Fuzzy Hash: 0C114821E1EAC51FC356637C58761B47FE0EF57240B8805FAD088CB2A7D9182C06C341
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000025.00000002.1971040165.00007FF7C0EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0EA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_37_2_7ff7c0ea0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: efc138b23ab30a5e4964f346da5ec9200eed9243c7bc6884ea4e9a3410401fc8
                                                                                                                • Instruction ID: a9d299b0e9af1c4899c3f8052048ba22c17fa554f9e1aa34cc98aba5ce1e9442
                                                                                                                • Opcode Fuzzy Hash: efc138b23ab30a5e4964f346da5ec9200eed9243c7bc6884ea4e9a3410401fc8
                                                                                                                • Instruction Fuzzy Hash: FF11A97064F6C54FD746F7B895765A57FF0DF4B22070808EDC48ACB2B2C60564169311
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000025.00000002.1971040165.00007FF7C0EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0EA0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_37_2_7ff7c0ea0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: cfe0c6a97812d73a76aa4c77d045493794c3f7b9557c1025595b0b488b4aefc7
                                                                                                                • Instruction ID: 2a25d5ff2575f7af7dd3c9ba425f54cdabbcf789e559d2d979d2f9e03b62720c
                                                                                                                • Opcode Fuzzy Hash: cfe0c6a97812d73a76aa4c77d045493794c3f7b9557c1025595b0b488b4aefc7
                                                                                                                • Instruction Fuzzy Hash: 57F0543025B6850FC74AF7BCC576AA57FD1EF0B21034804EDD48ACB2B2C549A4139700
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000025.00000002.1969344845.00007FF7C0DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DE0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_37_2_7ff7c0de0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ccdf8f57977f49d3ce2a3a214708c6e38caad385b4ac1e59883adef23ff38143
                                                                                                                • Instruction ID: ba4861d91e5bca5e2cc08a499147f508c084880a2c7e9cb2c6a60ca27d03009b
                                                                                                                • Opcode Fuzzy Hash: ccdf8f57977f49d3ce2a3a214708c6e38caad385b4ac1e59883adef23ff38143
                                                                                                                • Instruction Fuzzy Hash: 75F06D6090D7C50FD347A7744D686927FF0CE5B154B0905FB9888C71B3D4188A468362
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000025.00000002.1969344845.00007FF7C0DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DE0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_37_2_7ff7c0de0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6a8eb25ac0a1ec1ce17b9469195c15cbe69cff02e12e3b232dbbd58c787ba245
                                                                                                                • Instruction ID: 0e9fcdf65b15617d4613efda49836637a632bd8d00162c12163725354db34cd0
                                                                                                                • Opcode Fuzzy Hash: 6a8eb25ac0a1ec1ce17b9469195c15cbe69cff02e12e3b232dbbd58c787ba245
                                                                                                                • Instruction Fuzzy Hash: 97C0120085D82602BE883948B4428F8EB808B81230F860874E96C962D2EA4E79C282F2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000025.00000002.1969344845.00007FF7C0DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DE0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_37_2_7ff7c0de0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 430d68f50f15d98e04983a1d150fb4e89e4368c93e2ae200fe2f42ae9dbe702c
                                                                                                                • Instruction ID: 5d5fc7228f7dc1107aa5799bd1f75e0f46e782dfe573963a13a2f8c3d79dc359
                                                                                                                • Opcode Fuzzy Hash: 430d68f50f15d98e04983a1d150fb4e89e4368c93e2ae200fe2f42ae9dbe702c
                                                                                                                • Instruction Fuzzy Hash: A3A00204E87A0A06DE4C75F518961A8B4C15B89120FC52874941DC2382FD9E69D54691
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000029.00000002.2077592662.00007FF7C0E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0E70000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_41_2_7ff7c0e70000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: #C_$$C_^$%C_^$&C_^
                                                                                                                • API String ID: 0-2116336015
                                                                                                                • Opcode ID: bb29d44ffad2be32547405230c84b33c92194acc5e9b27fe39cba2d7c92bf5c7
                                                                                                                • Instruction ID: 1ba671b2f4eb37c694d8e6a740fd76d7d0eea72b2b2cc22a504b496be3aa72ec
                                                                                                                • Opcode Fuzzy Hash: bb29d44ffad2be32547405230c84b33c92194acc5e9b27fe39cba2d7c92bf5c7
                                                                                                                • Instruction Fuzzy Hash: BEC1F627A0D1620FE212777CB8462E97F90DF85379B4842B7D59CCA293DF08B68642E5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000029.00000002.2077275890.00007FF7C0DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_41_2_7ff7c0db0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 32e0749fd63bff02fc1178b815286de15f5a04144af015e1eaa2be5587a98b4e
                                                                                                                • Instruction ID: 687a6e0b7fab6346774396fcf87cc5f8e2699eda214b8bccb13ca2fa236de2eb
                                                                                                                • Opcode Fuzzy Hash: 32e0749fd63bff02fc1178b815286de15f5a04144af015e1eaa2be5587a98b4e
                                                                                                                • Instruction Fuzzy Hash: CE125830A1CB865FD349EB2884555B6BBE1FF95750B9405BED48EC3293DE28F8038791
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000029.00000002.2077275890.00007FF7C0DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_41_2_7ff7c0db0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 484e7751efadd2d1e00feefc050583128a8a6fd64cd4ca225d27c1be60f7bd93
                                                                                                                • Instruction ID: 91d68cd87fd8b4339a37514e8dee00fe7ac5df6561e8294f0dcbb0e1af70fd17
                                                                                                                • Opcode Fuzzy Hash: 484e7751efadd2d1e00feefc050583128a8a6fd64cd4ca225d27c1be60f7bd93
                                                                                                                • Instruction Fuzzy Hash: A902E860A1EAC62FE759EB7C44666BABFD1EF55210B4805FDD48BC7293CE1CB8028351
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000029.00000002.2077275890.00007FF7C0DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_41_2_7ff7c0db0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8e3d303b94e2d99a77b92f307092839ecea11c78ca795df8400b28b05b94154f
                                                                                                                • Instruction ID: b2765e692620e8ea88beb4cab6b6ed6111a48ed9116204a066dbf41a915108dd
                                                                                                                • Opcode Fuzzy Hash: 8e3d303b94e2d99a77b92f307092839ecea11c78ca795df8400b28b05b94154f
                                                                                                                • Instruction Fuzzy Hash: BF713770A2DACA1FD749EB7844655B9BBE0EF45321B4805FED49BCB293CE18F8028751
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000029.00000002.2077592662.00007FF7C0E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0E70000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_41_2_7ff7c0e70000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 937552318324b5f9a0ef404b1600211a70330dcf2f50b78c779536b1a16f21ff
                                                                                                                • Instruction ID: b13300ce3730d3f6e4967e0179893c23ddffc4cba509844fa53ff3c7a6c8884c
                                                                                                                • Opcode Fuzzy Hash: 937552318324b5f9a0ef404b1600211a70330dcf2f50b78c779536b1a16f21ff
                                                                                                                • Instruction Fuzzy Hash: 24617CA055F6C65FD35AF77C446A6B6BFD0DF4622070809EED08ADB2A3CA1CA807C351
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000029.00000002.2077275890.00007FF7C0DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_41_2_7ff7c0db0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a85624d331979fbd33a2bb58f2c77b40a481f5c5883c85c614b48c4e11802247
                                                                                                                • Instruction ID: 4539fa910384f59a08a818705a8fe3a593a6f28e3d2a7101fd48206020f76f62
                                                                                                                • Opcode Fuzzy Hash: a85624d331979fbd33a2bb58f2c77b40a481f5c5883c85c614b48c4e11802247
                                                                                                                • Instruction Fuzzy Hash: 5751E630A1C9456FE769EF6884557A9BBE0EF48320F4409BDD44EC3282CF28F446C795
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000029.00000002.2077275890.00007FF7C0DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_41_2_7ff7c0db0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 40a0bcebd141ee73edc1c2d345e031ea3ab563ce6a77f2ead6870f84a5427ab7
                                                                                                                • Instruction ID: 844f3c1199480045f399ba68f9439ea383176a6d818fda65f001c552bde699f0
                                                                                                                • Opcode Fuzzy Hash: 40a0bcebd141ee73edc1c2d345e031ea3ab563ce6a77f2ead6870f84a5427ab7
                                                                                                                • Instruction Fuzzy Hash: BC31506170EA865FD756A73C58552B5BFE0FF8612178801FBC44DCB193DE08AC478391
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000029.00000002.2077275890.00007FF7C0DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_41_2_7ff7c0db0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • Opcode ID: 12b6026dd7d59e8e7d89c13e2e964f30fd82c58392630c696fd4ac65507a50fb
                                                                                                                • Instruction ID: b2e12c8e1c7f7dadcf1ecd97b488228537da37d52c7d5886f69378072baaed68
                                                                                                                • Opcode Fuzzy Hash: 12b6026dd7d59e8e7d89c13e2e964f30fd82c58392630c696fd4ac65507a50fb
                                                                                                                • Instruction Fuzzy Hash: 7711E561D1EB895FD7466338586A3B47EE0DF57245F4901FAD849CB2E3E91C18058341
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002B.00000002.2185864709.00007FF7C0E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0E90000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_43_2_7ff7c0e90000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 72f5d94a81cd538d6bb7103922deb1abc06f7a5be18fdcb5760fa99bde10080c
                                                                                                                • Instruction ID: 71f10b81446244b79545a29c91dca19711da36db605f29a230bcd86ded6bca51
                                                                                                                • Opcode Fuzzy Hash: 72f5d94a81cd538d6bb7103922deb1abc06f7a5be18fdcb5760fa99bde10080c
                                                                                                                • Instruction Fuzzy Hash: B9F054B461BA890FD74AEB78C466BA57ED19F06205F4504EDE84BCB2E3DA5A94018701
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002B.00000002.2185618425.00007FF7C0DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DD0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_43_2_7ff7c0dd0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b209926075f3f718483fa20f2a9c352482974c0aced8db6ebea60c52dfacd840
                                                                                                                • Instruction ID: ce6986a445e841561ba589a40c8bb30b85288017f07c81e802406c6322bb5af8
                                                                                                                • Opcode Fuzzy Hash: b209926075f3f718483fa20f2a9c352482974c0aced8db6ebea60c52dfacd840
                                                                                                                • Instruction Fuzzy Hash: B6F0827090B6875FD745F7B8844A798FFE0AF46220F4405FDC84ACB1A3EA6918458650
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002B.00000002.2185618425.00007FF7C0DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DD0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_43_2_7ff7c0dd0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a153e557deda80c7fdf61447eb2049d85a66921973d707538784ed7c95202c30
                                                                                                                • Instruction ID: cdacfed897aac9952cb4b75b371fb30dc3ad4a84bafb6aa565e74cba1f93d06f
                                                                                                                • Opcode Fuzzy Hash: a153e557deda80c7fdf61447eb2049d85a66921973d707538784ed7c95202c30
                                                                                                                • Instruction Fuzzy Hash: C4F0396191DB850FD742A6344C287967FE48B57258F0A05EB9888CB1A3D51889458362
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002B.00000002.2185864709.00007FF7C0E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0E90000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_43_2_7ff7c0e90000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: dbc4495d597a70cfaa90f112e9b8ebaabe2c7d43aac2accfa936b46a9da9a69b
                                                                                                                • Instruction ID: 15e93ab0212840848e198c9094ddfcc477409617bde995230210f095727775d6
                                                                                                                • Opcode Fuzzy Hash: dbc4495d597a70cfaa90f112e9b8ebaabe2c7d43aac2accfa936b46a9da9a69b
                                                                                                                • Instruction Fuzzy Hash: 32E06562E4F2865FE756B66458122FDBBA05F82324FD404FAD44AC72D2DA0924044391
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002B.00000002.2185618425.00007FF7C0DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DD0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_43_2_7ff7c0dd0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6a8eb25ac0a1ec1ce17b9469195c15cbe69cff02e12e3b232dbbd58c787ba245
                                                                                                                • Instruction ID: 11a0116191d14224efca1f29a18245d2d0434c53beee0971507a0912eb7936d1
                                                                                                                • Opcode Fuzzy Hash: 6a8eb25ac0a1ec1ce17b9469195c15cbe69cff02e12e3b232dbbd58c787ba245
                                                                                                                • Instruction Fuzzy Hash: 6EC0120084D62602AED03988B402AF8EB808BC1234F850874E94C86292EA4E79C202F6
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002D.00000002.2290514253.00007FF7C0DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DD0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_45_2_7ff7c0dd0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: X7{s$`7{s$h7{s$x7{s$Z{s$Z{s$Z{s$Z{s$Z{s$Z{s$Z{s$Z{s$Z{s$Z{s$Z{s
                                                                                                                • API String ID: 0-1820040542
                                                                                                                • Opcode ID: a778f1ddf35e7416e29835372a926a234554b49ffb8cdc0cdb19fa00ff045a4d
                                                                                                                • Instruction ID: 5b7565173a6bb4542c1b319ff281eb9dcce170a6b42008e739964b50e7049994
                                                                                                                • Opcode Fuzzy Hash: a778f1ddf35e7416e29835372a926a234554b49ffb8cdc0cdb19fa00ff045a4d
                                                                                                                • Instruction Fuzzy Hash: 1F223630A1DBC64FE746EB7844556B9BBE1EF56360B9401BEC48BC7293DE2CB8028751
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002D.00000002.2290514253.00007FF7C0DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DD0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_45_2_7ff7c0dd0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8ccf0408eeba790d80c8e08bbcc10cf57c56f7e322b8e2db8e2921d0b7bc37dd
                                                                                                                • Instruction ID: f9575a4bc149bc43108f57ac7728f4c3cdadab21917900eee203b1cc39a8e36a
                                                                                                                • Opcode Fuzzy Hash: 8ccf0408eeba790d80c8e08bbcc10cf57c56f7e322b8e2db8e2921d0b7bc37dd
                                                                                                                • Instruction Fuzzy Hash: A4315E306199098FD785FB3CC85DA6877E1FF9935178901F5E409CB2B2EE28EC418741
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002D.00000002.2290514253.00007FF7C0DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DD0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_45_2_7ff7c0dd0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6a8eb25ac0a1ec1ce17b9469195c15cbe69cff02e12e3b232dbbd58c787ba245
                                                                                                                • Instruction ID: 11a0116191d14224efca1f29a18245d2d0434c53beee0971507a0912eb7936d1
                                                                                                                • Opcode Fuzzy Hash: 6a8eb25ac0a1ec1ce17b9469195c15cbe69cff02e12e3b232dbbd58c787ba245
                                                                                                                • Instruction Fuzzy Hash: 6EC0120084D62602AED03988B402AF8EB808BC1234F850874E94C86292EA4E79C202F6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000002D.00000002.2290514253.00007FF7C0DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0DD0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_45_2_7ff7c0dd0000_RegAsm.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 430d68f50f15d98e04983a1d150fb4e89e4368c93e2ae200fe2f42ae9dbe702c
                                                                                                                • Instruction ID: a901f15c9adfa3c4b118d5e8846d711ac2b56e94949d5418420ff242b6accca9
                                                                                                                • Opcode Fuzzy Hash: 430d68f50f15d98e04983a1d150fb4e89e4368c93e2ae200fe2f42ae9dbe702c
                                                                                                                • Instruction Fuzzy Hash: 99A00204E87A0A06DE4875B52C562ACB5D15BC9220FC52974980DC2382FD9E699506A5